views:

277

answers:

4

What are some iPhone or Android applications that use SMS as their primary means of user authentication?

I'm interested to see such apps in action. SMS-auth seems like a natural approach that is well-situated to mobile contexts.

The basic workflow is: to sign up, a user provides a phone number; the app calls a backend webservice which generates a signed URL and sends it to the phone number via an SMS gateway; the user receives the SMS, clicks the link, and is thus verified and logged in. This results in a very strong user identity that is difficult to spoof yet fairly easy. It can be paired with a username or additional account attributes as needed for the product requirements.

Despite the advantages, this does not seem to be in much use - hence my question. My initial assumption is that this is because products and users are wary of asking for / providing phone numbers, which users consider sensitive information. That said, I hope this becomes an increasingly more commonplace approach.

A: 

It's not very common to have SMS gateway available! Also using it (sending SMS messages) costs quite a lot compared to sending emails.

Much easier to just generate and send verification email.

JOM
It's definitely easier, agreed. It's also easier not to even send an email ;). SMS is expensive, as well, yes. But you have easily an order of magnitude more powerful trust in your users as real, unique individuals. (bulk VOIP numbers being one area of trouble in this regard, but there are ways to deal with that, too.)
JSW
+1  A: 

This is mostly used for employee authentication ... there is a strong value in replacing the older physical tokens with a new SMS based two-factor authentication to ensure that the users accessing your corporate systems have not had their credentials stolen. We're a technology leader in this space and is the partner that worked with Citrix Systems to develop SMS Authentication for their iPhone Receiver. The benefit is that you gain strong two-factor authentication in an easy to use fashion specifically for the iPhone that do not support multiple applications at the same time. For other systems such as the VPN client from Cisco and most other Windows and Android phones, you can run multiple apps and therefore establish a secure connection using standard vpn and ssl vpn technologies.

The Citrix Receiver for iPhone was one of the most downloaded business apps on the store, I've been told.

If you want to learn more about it check out both the Cisco VPN and the Citrix Receiver implementations for SMS Authentication at http://blog.smspasscode.com/

I hope this information is helpful to you.

Rgds Lars SMS PASSCODE

Lars Nielsen
Lars, I've seen your site and the Citrix receiver app as one of the only iphone examples of SMS auth. Per my question are you aware of any other apps, especially consumer-focused apps, which employ SMS auth?
JSW
Agreed, have seen that in business apps. Do something on website, receive pin code via SMS and use it to login. Should have read the question more carefully, since it seemed to be more generic. I would still say using this system for non-business apps is too expensive == cost per each login.
JOM
A: 

WhatsApp does. The app sends a SMS to the phone number you entered, and if you receive the message, they create your account and you can use the app.

retsrif
A: 

Loopt for iPhone is a good example. As part of initial sign up you provide your phone number and are sent a confirmation SMS to complete the process. It's simple and painless.

JSW