SnapID eliminates a lot of hassle and aggravation by allowing users to simultaneously login and authenticate without an ID or password. Users simply text the one-time-password (OTP) displayed on the screen of the web page or app from their phone to us and we make a secure handshake with the website's server behind the scenes. No browser interaction is required and therefore there are no "man-in-the-middle" attacks because there is no "middle."
As a result a logical question is "what happens if I lose my phone?" Does a lost phone mean that anyone who picks it up can log into any website?
Not to worry. SnapID is safe and, in fact, safer than other types of two-factor authentication use the more traditional process of having a code sent by text to a mobile phone. Here's why:
- First of all, your phone is locked (isn't it??). Text messages sent TO your phone can still be seen on a locked phone's screen but YOU CAN'T SEND A TEXT MESSAGE FROM A LOCKED PHONE. As a result the login/authentication cannot be completed unless the phone is unlocked, making SnapID safer than standard two-factor authentication processes that text codes to your phone.
- Let's say you want to be doubly sure that someone else who has your phone can't use it to login to your accounts even though your phone is locked. We make it easy. SnapID can be deactivated without deactivating your phone. Unlike other two-factor authentication methods SnapID has a website function allowing you to login (using a standard ID/password combination or the SnapID capability, which you obviously can't use if your phone is lost or stolen) and suspend the functionality of the phone for SnapID logins. You probably don't want to deactivate your phone with the carrier until you are sure that it is gone; you can still deactivate SnapID while you are looking for your phone.
- SnapID can be deactivated by someone that you designate as your "delegate" by them simply sending a text message from their phone to our system with the appropriate command.
- Websites can set up SnapID to require an additional PIN after you have sent the one-time-password. So even if your phone isn't locked, anyone with your phone would have to know your PIN, too, to be able to use it to login to any of your accounts. (The PIN, by the way, can be configured to require a second text message to be sent or to be entered directly on the web page.)
Losing your phone or having it stolen is bad enough - we make it easy to protect yourself through this series of safety nets for SnapID.