No reviews yetBe the first to leave a review for Copper
Unblocked — Get AI agents to generate code that fits your system.
Get AI agents to generate code that fits your system.
Promoted
This looks exciting to me. But I'm a bit naive as to the engineering realities. Hoping to see lots more comments here discussing use of this.
Report
@jimcanto There is more of an usability and trust issue here.
Implementing the mobile number as the prime authentification method is a huge emotional investment to ask from a prospecting user. This is not a commitment for 2-way authorization hence a second security layer that already ensured the user being involved and having a foot in the door in the users mentality. The mobile number has been shown to be a way more intrusive information to ask for then compared to an anonymous account and mail or oauth.
Report
@andmitsch Sounds like a good thing if one is interested in thwarting spam accounts within their app.
And, to your point; it would require the app be compelling enough to meet that trust threshold.
Interesting.
Report
@jimcanto@andmitsch I think I'd use it in my app (wip) if I make signup itself optional. Users can be onboarded without any signup and only asked to authenticate by phone number for a certain app feature when they clearly see value doing so. Not at the beginning of using a new app, I wouldn't give my phone number at first if I'm the user.
Report
@garyfung@andmitsch ...wouldn't give phone number? Even if you believed it would not be kept, used, or sold? Or would you simply not trust those promises at first?
Report
@jimcanto@andmitsch Wouldn't trust promises from a new app I don't know but just trying at first. And I'm speaking as putting myself in a normal user's shoes.
A few bugs with the login process but overall pretty smooth. Do you worry that Twitter could just expand Digits to do the exact same thing and is there a level of 2FA here? If someone gained access to my phone there's no real recourse.
I have a security question, and forgive my ignorance, but it seems like someone might be able to get a bunch of texting numbers do mass signups? I have no idea why someone would want to do this, but just curious about the likelihood of that / how Copper prevents that? This really does look awesome! I hate passwords so I'm a big fan of this already!
@dev_gar I'm not sure I understand the question but I'll address security in general. We take it seriously, use encryption where possible, use SSL for all network traffic, use platform security features from our infra. providers, and go through a regular security audit with an outside firm. From an application perspective, we have rate limiters, short expiration times for codes and similar features to limit the potential for abuse. For example, you couldn't send a phone number in and try 000000-999999 in a single setting to guess the right number. Security is a posture and never done, so this will improve, but I want you to know it's something we think a lot about.
Report
Love the idea, but a few concerns. What about international customers? Seems like you'd lose a lot of international signups. Also, in terms of a b2b applications might also have high bounce rates and lose signups because users are not comfortable putting in their phone number in a business context.
@johnny5sf we had some hiccups this morning preventing users with phone numbers from certain country codes from successfully receiving the code, but we have fixed those. So users from anywhere in the world should be able to use Copper. That being said, we see many problems with SMS, delivery rates and security concerns, chief among them, which we'll fix in future revs.
Copper, as it is today, was primarily designed and built for consumer services. We've spoken with a few enterprise apps and there is a long-standing preference for email and passwords because they are a known pattern and (ironically) they are easier to share (think teams). We'll be bringing email into the fold as an identifier soon to address your concern, and have some great ideas on how teams can benefit from Copper as well.
Report
This seems really clever and secure. What are the consequences if the user changes their phone number? Is there any way to port an account over?
@kaizendad not yet -- there are some obvious security considerations to think through there. Changing phone numbers is an infrequent thing for most people so we felt that we could add this feature soon. We know this is something we need to tackle and will be doing so very soon.
Imagine what this could do for fintech startups if KYC is added! Is this something you are planning to do? We would pay for that!
Imagine one KYC that's universal and connected to your phone number.
@dougw Thanks for your response!
We do all our verification manually at the moment (@funderbeam). Users have to upload an image of passport or national ID. Would be amazing if people could do that with you, and then be able to sign up for all business that are affected by AML legislation and have to go through KYC processes. And, it's a pain for users to have to do this again and again. I've done it three times in the last year, and even if it is as smooth as with @number26
Report
@dougw PH says you mentoined me I can't see them (tried 3 times, posted 3? Ugg😕) --- indeed, now I'm back using PH website instead of the app, just gave you a reply by editing my responses in a row. Changing history! Feels great! 😄
@otto_offringa hey now, I can see everything. Thanks for your persistence, we're listening. If problems persist, you can reach me at doug@withcopper.com.
Thanks for the number. We're looking into it rn.
YT Music
Copper
WebContainer API
Copper
Copper
Copper
Funderbeam
Copper
Funderbeam
Copper