by mpatachi 4046 days ago
First of all, thanks for all the great feedback. We've just launched in beta and we are striving to make UNLOQ the simplest authentication system. We know that we have a long way ahead of us, so we appreciate all the feedback. Here are a few answers to the comments I've seen above:
1. We believe it is a two factor: something you have = your phone; something you are = your fingerprint (for the phones that come with this option and it is enabled); something you know = your PIN (you can set additional PINs on your profile).
2. Regular two factor provides you with a code to insert in the browser after you authenticated with username and password. We make use of two channels in order to authenticate a user: the browser used to provide the identity, and the service's server - UNLOQ server - device to provide proof of identity. We believe that this makes the system harder to break through man-in-the-middle type of attacks.
3. We know we still have to work on user experience, but entering just your email and then approving the request on the phone seems easier than entering the full set of credentials followed by another security code (as 2FA proposes).

Even if it is two-factor, for the reasons you described, it's all over a single channel. There is no out-of-band mechanism, meaning this can easily be MITM'd. UNLOQ is poor authentication security in more ways than one.

By the way, the founders of Duo Security hold the patent on completing an authentication from a smartphone. Something to keep in mind. http://www.google.com/patents/US20110219230

It looks like that patent had a final rejection in 2013. http://portal.uspto.gov/pair/PublicPair (13/039,209)