Merlin Bird ID
What IS that bird you just saw? Merlin knows.
Start new thread
Richard Shepherd

DID - The simplest way to add passwordless auth to websites & apps

by
Memo
DID is the fastest and simplest way to get authentication done on your website. DID authenticates with a key pair stored on the user’s device. Authentication is instant and passwordless. DID is an identity provider compatible with Oauth and Open ID Connect.

Add a comment

Replies

Best
Kevin Quinn
Cool product, though the private key stored locally brings up a question. Can you explain what options a DID user has if their laptop containing the private key is stolen?
Richard Shepherd
Maker
@idontremember Hi Kevin, thanks for your question. If any device is lost (including a laptop but it could be a phone or tablet) then the user has the option to untrust that device from inside their DID account. The user needs a device that isn't lost in addition to the one that is lost but if the user can access the internet, they can access their DID account and untrust a previously trusted device. What we also found during our testing and gathering rounds of feedback is that devices tend to be locked either with a pin code, a device password or something more personal like your face scan or fingerprint scan. If the device is lost, the theif would still need to access the operating system. It's worth adding I feel that, while devices do get lost and stolen, they are much harder to steal than a digital password is to phish or crack for example. We advise users to only trust devices that are secured with biometrics or pin codes to mitigate this risk, however. In addition to this, if a device is stolen that has no 'lock', the thief could still access websites that have long-lived sessions or 'saved passwords' in exactly the same way. Our aim has always been to make sure DID's device authentication at least as secure as a username/password sign in with our focus being on convenience for the user and potential conversion improvement for the website. I hope this answers your question, please let me know if you have any other comments and thank you for your interest in DID.
Alex Tassone
Cool product given the CX it can achieve. How has your feedback around "security concerns" been so far and are you looking to take this to enterprise products too?
Peter Saxton
Maker
@alextassone once people realize that almost every password based authentication solution has an email reset and that DID is at least that secure we have received good feedback. We are focused on improving User Experience without any compromise when compared to existing system. We think we have achieved that. There are enhancements that could add even greater security, such as locking you account to only be accessible from trusted devices, i.e. no more email reset. These are things which we can roll out overtime with customers of DID having to make no changes to their integration with DID, these features are on our Roadmap. Could you expand a bit on what you mean by enterprise product? Something that enterprises could use to authenticate there own employees?
Alex Tassone
@crowdhailer yeah sure. It is for both internal enterprise tools and also for enterprise grade products such as a new mobile app for financial traders at the large banks.
Peter Saxton
Maker
@alextassone We would potentially tackle these audiences however the market is quite crowded for very high security requirement solutions. So we prefer to focus on improving CX and then look to add the enhancements I mentioned in the previous comment.
Alex Tassone
@crowdhailer cool, thanks!
Peter Vandendriesse
Super interesting, as passwordless login has been a friction point for us, in finding the right "balance" of pleasing users. (Some love passwordless, some want passwords, some want SSO via social, but having all of these would be ultra confusing and result in multiple accounts). I actually inadvertently have multiple PH accounts due to bouncing between their SSO options. Brutally-honest nitpick - your explainer video comes across as very amateurish with the low-budget, animate-a-doodle stuff. This is a big step in the right direction for user experience and tech, and should be treated as such in that video. I'd recommend dropping the goofy music and doodles and focus on a clean video that shows exactly what the end user would see/experience using DID, as well as a few points addressing security measures taken. Hope that helps, and good luck!
Tom Medema
Great solution, particular interesting to track conversion rates with the reduced friction this provides, as a commenter has already mentioned! Also, I left some tips for you here on your landing page that I hope is helpful to you! -- https://app.usebubbles.com/f3377...
Peter Saxton
Maker
@tom4 Thanks for the feedback, and bubbles is a nice tool
Yevhenii Kurtov
?makers the product is really lovely! I remember I saw few mentions about something in Elixir/Phoenix circles. What tech stack are you using? Is there any open-source products around DID?
First
Previous
12