13 November 2020

What is Mobile Identity?

It’s said that more people today own a mobile device than a toothbrush. Whether you find this horrifying or a simple fun fact is up to you, but you can’t deny the reality: the world is moving away from desktop and laptop computing to mobile, and the challenges of identification and authorization are changing as well. There is a different kind of identity at play here: mobile identity.

In the olden times, if you wanted to log in to a website or a service, all it took was a password. It was a simpler time, but security was simple as well. Fast forward to today, in a mobile-dominated world, there are numerous ways of verifying and authenticating a user, the unique mobile phone number being the key identifier.

In short, Mobile Identity is the utilization of a mobile device to verify a user’s identity, leveraging the user’s attributes to enable the end-user to access services across a mobile network. In other words, it ties you to your mobile device.

Why is it crucial for the mobile-based economy?

The problems we face are cybersecurity, multiple digital identities per person, and the demand for convenience.

  • Cybersecurity: According to GSMA, more than 75% of users across Asia have experienced some form of online theft, and businesses lost over $171 billion to data breaches in the APAC region. This is a serious privacy and user trust concern: if a business can’t ensure the security of their user data, consumer confidence will eventually tank.
  • False digital identities: According to GSMA figures, 50% of users in the UK falsified their account details when they were signing up for the website/service. This is understandable as users want their privacy intact, and giving out false information pretty much guarantees that their data is safe – because if they don’t give it out, it can’t be breached.
  • The demand for convenience: Users generally dislike friction and tend to stop using the app/service if the authentication routines prove to be overburdening. However, they also demand the highest security when it comes to the services they use, and they’re right on the money: apps that handle very sensitive data, such as banking apps, need to implement the necessary security measures.

The three factors of authentication

There are several ways to verify a user, and they vary in their reliability. Most apps combine two of these factor categories, forming a two-factor authentication (2FA).

  • Knowledge-based factors: these include the usernames, passwords, security questions, or personal identification numbers (PIN). These are considered weak in security terms, because users might recycle their usernames and passwords, and security questions are ridiculously easy to guess most of the time. For more information on this, please read our blog about Passwordless Authentication.
  • Possession-based factors: These factors focus on what a user “has”, like a hardware-based one-time-password token (OTP) or a software solution like an OTP app. Possession-based factors are often combined with the traditional password to harden the security by adding another dynamic credential. One-time-passwords used to be generated on hardware specifically designed for the use case, but today, they are generated, delivered by SMS, and displayed on the device, making it easier for the user to enter the necessary verification code. The key point of OTP is that every phone number is unique to the user.
  • Inherence factors: These are closely linked to who users “are”. These factors include biometrics such as fingerprint readers, facial recognition, and voice recognition. This factor is considered the most reliable way of authentication, as they rely on the inherent attributes of an individual. The widespread adoption of fingerprint readers on smartphones allows apps to utilize this factor as a part of their authentication routine, hardening their security even further.

OTP is the most commonly used authentication factor in the world

OTP offers the perfect balance of security and convenience. It leverages the fact that every user’s phone number is unique to that individual, and it renders the use of passwords obsolete. The only hindrance to OTP is the delivery costs incurred by sending a huge number of texts to every user upon log-in. To combat this, VerifyKit offers alternative OTP delivery channel WhatsApp alongside the traditional SMS, significantly reducing delivery costs while enhancing user experience. 

Most Viewed Posts

18 September 2020

What is the Best Phone Number Verification Method for Your Users?

SMS provides a secure way to authenticate users during phone number verification, but it’s not your only option. This article explains. Phone numbers offer the benefit of being unique; every mobile phone owner is assigned a different number. Stealing someone’s phone number or obtaining...

25 September 2020

How to Cut User Verification Costs

User verification is a must to ensure your app attracts genuine users – but it comes at a cost. Learn how to cut verification costs below.  Account security – how to keep users safe from scammers and hackers – is a leading priority for app developers. For that reason, user...

24 February 2021

Going global: the challenges of app localization

You have your app up and running and it’s ready for prime time on the app stores. It can be downloaded and enjoyed by billions of people around the world, as app stores are global marketplaces for apps. Technically, yes, that is true. App stores are a great way to reach global audiences, but...

4 September 2020

Why Phone Number Verification is Crucial for Account Security

Security is a top reason as to why app developers are turning to phone number verification to authenticate users. This article explains. A big concern for app developers is account security; how to verify that users are genuine human beings and not scammers or hackers. Email verification...

19 August 2020

Creating a Binary Framework in iOS with Swift

We all use a lot of frameworks in our daily development routine. We just type the magical word “import” and it’s all set. But what’s happening behind that import statement? How do you make it possible for your fellow developers to use your classes with just one line of code? Today, I’ll...

7 June 2021

The story of VerifyKit

Every brand has an origin story. Ours is one of dedication and hard work, how we developed VerifyKit and nurtured it to the global brand that it is today. In a nutshell, it’s the story of challenging ourselves at every corner, finding our own solutions to the problems we face, and sharing...

18 January 2021

5 Tips for Developers Who Are on the Road to Success

The field of software development is extremely diverse and it continues to grow every year. More and more people are entering the industry every day and there are many different ways of doing it. Some choose to go to college/university to pursue a degree, some go to coding boot camps for a crash...

1 April 2021

4 Tips for Better Mobile App Security

The number of mobile apps is growing daily, and the issues of mobile app security and privacy continue to intensify as a result. Security professionals are growing more and more worried that common web app security practices aren’t cutting it anymore. While security professionals are busy...

26 January 2021

How to Boost Your App’s User Engagement in 2021

The smartphone era is synonymous with the app era. With mobile phones dominating most of our waking hours, it’s the apps we interact with, maybe more than actual people. As users, our app engagement is at an all-time high. It’s hard to ignore the fact that we built a habit of mobile phone...