Can somebody shed some light on the security behind mobile phone logins on mobile apps?
Uber and Lyft ask the user to log in using their mobile phone, I'm assuming because it's a more unique identifier than email, and then they text you a verification code to enter. Once the code is entered and the mobile number is verified, you can log in. They also never log you out unless you manually log out.
It seems as if this has taken the idea of two-factor authentication (something you know and something you have) and basically dropped the "something you know" portion of it (a password). Is this true? If someone were to steal your phone they could essentially jump into the Uber or Lyft app and use it as much as they want without ever having to verify (of course until you catch the charges on your credit card).
Is there an extra layer of security I'm missing? It may not matter as much for an app like Uber or Lyft, but what about for a medical app that must be HIPAA-compliant? I found 98point6 the other day, and they seem to use the same mobile phone login approach. However, they log you out after 15 minutes of inactivity (HIPAA regulations) and so you must enter your phone number and the texted verification code every time to use the app.
Apologies for the long-winded post, but I just want to understand the benefits of a login approach like this (is it just so that you never have to enter a password?) and further, is there an extra layer of security I'm missing that allows for even HIPAA-compliant apps to take this approach?
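
The login flow described in the question, as an added sketch (not part of the original post and not the code of any app named in it): a texted code is the only factor, and the session either never expires or ends after 15 idle minutes. The class and method names, the 5-minute code lifetime, the 5-guess cap and the caller-supplied `now` clock are assumptions made for illustration.

```python
import hmac
import secrets

CODE_TTL = 300     # assumed: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 5   # assumed: guesses allowed per issued code


class PhoneLogin:
    """Phone-number login where possession of the SIM is the only factor."""

    def __init__(self, idle_timeout=None):
        # None: session never expires. 900: log out after 15 idle minutes.
        self.idle_timeout = idle_timeout
        self._pending = {}    # phone -> [code, expires_at, attempts_left]
        self._sessions = {}   # token -> [phone, last_seen]

    def request_code(self, phone, now):
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, 6 digits
        self._pending[phone] = [code.encode(), now + CODE_TTL, MAX_ATTEMPTS]
        return code   # a real service hands this to an SMS gateway instead

    def verify_code(self, phone, code, now):
        entry = self._pending.get(phone)
        if entry is None or now > entry[1]:
            self._pending.pop(phone, None)   # unknown or expired code
            return None
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0], code.encode())
        if ok or entry[2] <= 0:
            del self._pending[phone]   # single use; burn after too many misses
        if not ok:
            return None
        token = secrets.token_urlsafe(32)   # bearer token kept on the phone
        self._sessions[token] = [phone, now]
        return token

    def whoami(self, token, now):
        session = self._sessions.get(token)
        if session is None:
            return None
        if self.idle_timeout is not None and now - session[1] > self.idle_timeout:
            del self._sessions[token]   # idle too long: a new code is required
            return None
        session[1] = now   # activity resets the idle timer
        return session[0]
```

With `idle_timeout=None` the stored token alone grants access indefinitely; with `idle_timeout=900` a stale token is rejected, but a new code sent to the same phone number still restores access.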