What is the right authentication flow for me?
Let's start with definitions and a high-level overview. The idemeum passwordless platform offers 3 sign up / sign in flows:
- One click login - the simplest and most intuitive authentication flow for users. They just need to click a button. We leverage token-based authentication for this flow.
- Biometric login - this flow provides an additional level of security by authenticating users with biometrics. WebAuthn is used to authenticate users right from a mobile or desktop browser.
- Login with idemeum app - the most secure and 100% private authentication method. All user information is stored on a mobile device. The app offers multi-factor authentication leveraging hardware-backed storage and the FIDO2 protocol.
Detailed flow comparison
Let's take a look at the nuts and bolts of how idemeum passwordless authentication flows work.
One click login
Behind the scenes, one click login leverages token-based authentication. It provides the simplest and most seamless user experience: users do not have to install any additional software (it is browser-based), and all they need to do is click a button to log in.
As a first step, users need to create an identity with idemeum by verifying an email address or phone number. Once that is done, a token is assigned to each user that allows seamless authentication across various apps.
When users create an identity, the information (email or phone number) is stored in the idemeum backend, so that when the user is authenticated, the identity token representing the user can be returned to the application integrating with idemeum.
Biometric login
Biometric login takes one click login to the next level by adding biometric-based authentication using WebAuthn. When signing up, users register with WebAuthn in order to create a public / private key pair protected by biometrics. Once that is done, all subsequent logins use a thumbprint or a face scan.
All user interactions happen right in the browser, thereby providing a seamless experience across mobile and desktop platforms. The only requirement is that the browser supports WebAuthn (which most of them do today). If it does not, the flow will always fall back to one click login as a backup.
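The fallback rule described above can be expressed as browser-side feature detection. This is an added example, not idemeum's code: the flow names, `webauthnSupported`, `chooseLoginFlow` and the `fakeEnv` stand-in are hypothetical, while `PublicKeyCredential` and `isUserVerifyingPlatformAuthenticatorAvailable()` are the standard WebAuthn browser APIs.

```javascript
// Added example; flow names and function names are hypothetical, not idemeum's API.
const FLOW_BIOMETRIC = "biometric";
const FLOW_ONE_CLICK = "one-click";

// WebAuthn is only exposed in secure contexts (HTTPS or localhost).
function webauthnSupported(env = globalThis) {
  return env.isSecureContext === true &&
    typeof env.PublicKeyCredential === "function" &&
    typeof env.navigator?.credentials?.create === "function";
}

// Pick the flow to offer. Every detection failure falls back to one click login.
async function chooseLoginFlow(env = globalThis) {
  if (!webauthnSupported(env)) return FLOW_ONE_CLICK;
  const probe = env.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable;
  if (typeof probe !== "function") return FLOW_ONE_CLICK;
  try {
    // Resolves true when a built-in authenticator with user verification
    // (fingerprint, face scan or device PIN) is available.
    const available = await probe.call(env.PublicKeyCredential);
    return available === true ? FLOW_BIOMETRIC : FLOW_ONE_CLICK;
  } catch {
    return FLOW_ONE_CLICK;
  }
}

// Constructed stand-in for a browser global object, so the example runs offline.
function fakeEnv(probe, secure = true) {
  function PublicKeyCredential() {}
  if (probe) PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable = probe;
  return { isSecureContext: secure, PublicKeyCredential,
           navigator: { credentials: { create() {} } } };
}

chooseLoginFlow(fakeEnv(async () => true)).then((flow) => console.log(flow));
```

In a real page, call `chooseLoginFlow()` with no argument so it inspects the actual browser globals.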
Login with idemeum app
Login with idemeum app takes security, privacy and portability to the next level. Users only need to set up their idemeum identity once - they download an app and take 2 minutes to register by verifying email, phone, and ID document.
The key here is that all user information stays on the device only. It is 100% private. We do not have any PII in our backend. What that actually means is that the idemeum app is a decentralized identity stored on a mobile device.
Decentralization allows maximum portability for a digital identity. We designed idemeum so it can be used to access personal as well as corporate resources. No need to maintain separate accounts or applications.
Need more information?
Stay tuned 😀
Demos and detailed flow descriptions are coming soon.