
Passwordless SMS authentification - Token expiration & Security

I am looking to implement a passwordless solution for a mobile app currently in production. The aim is to make the login process smoother for the users by removing the use of a password. Since the app is mobile only and the users' phone numbers are already used as usernames, I feel that a solution using Twilio to generate an OTP (one-time password) to log in is a good alternative.

Nonetheless, today when a user logs in, the authentication token has no expiration date (they stay logged in forever). I would like to know if using an OTP to generate such an unlimited (or very long-lasting) auth token would be considered a security issue. Are there some best practices to take into consideration, like refresh tokens or others...

To be clear my question is:

Is using OTP with SMS considered good practice to stay always logged in to an app? And do you see any flaw in my reasoning?

Thank you!
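The flow the question describes (SMS code in, session out) and the refresh-token idea it asks about, as an added example that is not code from the question, the answer, or any product mentioned. It is a self-contained in-memory model with a hypothetical `PasswordlessAuth` class; the lifetimes, the attempt limit, the SHA-256 storage of token hashes and the refresh-token "family" bookkeeping are all assumptions chosen for the example. Sending the code through Twilio and rate-limiting `request_otp` per phone number are left to the caller.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# All values below are assumptions for the example, not figures from the question.
OTP_TTL = 5 * 60            # SMS code valid for 5 minutes
OTP_MAX_ATTEMPTS = 5        # code is discarded after 5 wrong guesses
ACCESS_TTL = 15 * 60        # short-lived bearer token sent with each API call
REFRESH_TTL = 30 * 86400    # long-lived token, only ever used to mint new access tokens


def _h(value: str) -> str:
    """Store only hashes so a leaked table does not leak usable secrets."""
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class OtpRecord:
    code_hash: str
    expires_at: float
    attempts: int = 0


@dataclass
class RefreshRecord:
    phone: str
    family: str          # every token descending from one OTP login shares a family
    expires_at: float
    spent: bool = False  # set when rotated; presenting a spent token again means theft


@dataclass
class AccessRecord:
    phone: str
    family: str
    expires_at: float


class PasswordlessAuth:
    """Hypothetical server-side store: OTPs, access tokens and rotating refresh tokens."""

    def __init__(self, clock=time.time):
        self.clock = clock                             # injectable for testing expiry
        self.otps: dict[str, OtpRecord] = {}
        self.refresh: dict[str, RefreshRecord] = {}    # keyed by token hash
        self.access: dict[str, AccessRecord] = {}      # keyed by token hash
        self.revoked_families: set[str] = set()

    def request_otp(self, phone: str) -> str:
        """Create a 6-digit code; the caller hands it to the SMS gateway (e.g. Twilio)."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.otps[phone] = OtpRecord(_h(code), self.clock() + OTP_TTL)
        return code

    def verify_otp(self, phone: str, code: str):
        """Return (access_token, refresh_token) on success, None otherwise."""
        rec = self.otps.get(phone)
        if rec is None:
            return None
        if self.clock() > rec.expires_at or rec.attempts >= OTP_MAX_ATTEMPTS:
            del self.otps[phone]                      # expired or brute-forced: discard
            return None
        rec.attempts += 1
        if not hmac.compare_digest(rec.code_hash, _h(code)):
            return None
        del self.otps[phone]                          # one-time: never accept the same code twice
        return self._issue(phone, family=secrets.token_hex(8))

    def _issue(self, phone: str, family: str):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        now = self.clock()
        self.access[_h(access)] = AccessRecord(phone, family, now + ACCESS_TTL)
        self.refresh[_h(refresh)] = RefreshRecord(phone, family, now + REFRESH_TTL)
        return access, refresh

    def authenticate(self, access: str):
        """Return the phone number owning a live access token, else None."""
        rec = self.access.get(_h(access))
        if rec is None or rec.family in self.revoked_families or self.clock() > rec.expires_at:
            return None
        return rec.phone

    def refresh_session(self, refresh: str):
        """Rotate the refresh token. Replay of an already-spent token revokes the whole family."""
        rec = self.refresh.get(_h(refresh))
        if rec is None or rec.family in self.revoked_families:
            return None
        if rec.spent:
            self.revoked_families.add(rec.family)     # someone holds a copy of an old token
            return None
        if self.clock() > rec.expires_at:
            return None
        rec.spent = True
        return self._issue(rec.phone, rec.family)

    def logout(self, refresh: str) -> None:
        """Explicit logout (or a lost SIM) kills every token in the family at once."""
        rec = self.refresh.get(_h(refresh))
        if rec:
            self.revoked_families.add(rec.family)
```

The design point relative to the question: the SMS code only proves possession of the phone for a few minutes, so the thing that lives for a long time is the refresh token, not the access token, and because each refresh is rotated and tied to a family, the server can both expire and revoke sessions without ever asking the user for another code.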

Look at https://bere.al/en , Bereal uses this system to auth users. We have problems when you change/lose your SIM card. But I don't see any security problem.
