This article has been indexed from DZone Security Zone
Registering users, logging them in, verifying credentials, and performing extra checks at specific in-app tasks are user journeys most digital businesses have to build. These account journeys are in a constant race between security considerations and usability. Since the days of the simple username and password, barring the inevitable password recovery flow, things have become increasingly cluttered with two-factor authentication: possession verification via SMS OTP, step-up security checks using authenticator apps, or magic links by email.
By now we know that there’s no such thing as a strong password, that SMS OTP, although a standard choice, is not as secure as once thought, and that authenticator apps create poor UX for users. So what’s the alternative? Identity on the blockchain is quite a way off from the mainstream, and biometrics are not suitable for every type of verification. In the short to medium term, the user experience of account journeys will continue to rely on two-factor (2FA) or multi-factor (MFA) authentication.
Read the original article: Implement Passwordless Verification Using Mobile Number and SIM