A Trusted Device is a mobile device that you trust, from which you can access your account without needing a password. When you try to access your account from a Non-Trusted Device, it will require approval from the app installed on the Trusted Device.
Usually, your first Trusted Device will be the mobile phone you used to register for an app. You can then add other devices as Trusted Devices for your account.
Cotter's SDK follows the FIDO Protocol to implement Trusted Devices. Cotter's SDK generates a cryptographic key pair that replaces your password. This key is stored securely on your device. Your device is called a Trusted Device because it is the only one that knows this key.
Because of the way asymmetric cryptography works, your secret key is never sent over the internet to any server, not even Cotter's server. We only need to verify, using cryptographic functions, that a request was actually made with the key, which ensures that it is coming from your Trusted Device.
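The check described above, as an added example that is not Cotter's SDK code: a device generates a key pair, registers only the public key, and signs a one-time server challenge, which the server verifies without ever seeing the private key. Ed25519, the challenge format, and all names (`enrollDevice`, `signRequest`, `Server`, `demo`) are assumptions made for illustration.

```javascript
// Added illustration, not Cotter SDK code; every name here is hypothetical.
const crypto = require("crypto");
// --- Device side: the private key is created here and never leaves. ---
function enrollDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
  return { privateKey, publicKeyPem }; // only publicKeyPem is sent to the server
}

function signRequest(privateKey, challenge, action) {
  const message = Buffer.from(JSON.stringify({ challenge, action }));
  return crypto.sign(null, message, privateKey).toString("base64");
}

// --- Server side: stores public keys and outstanding challenges only. ---
class Server {
  constructor() {
    this.trustedKeys = new Map(); // userId -> public key (PEM)
    this.pending = new Map();     // userId -> one-time challenge
  }
  register(userId, publicKeyPem) { this.trustedKeys.set(userId, publicKeyPem); }
  issueChallenge(userId) {
    const challenge = crypto.randomBytes(32).toString("base64");
    this.pending.set(userId, challenge);
    return challenge;
  }
  verify(userId, action, signatureB64) {
    const pem = this.trustedKeys.get(userId);
    const challenge = this.pending.get(userId);
    if (!pem || !challenge) return false;
    this.pending.delete(userId); // single use: a replayed signature fails
    const message = Buffer.from(JSON.stringify({ challenge, action }));
    return crypto.verify(null, message, crypto.createPublicKey(pem),
                         Buffer.from(signatureB64, "base64"));
  }
}

// Constructed demo: one trusted device and one device that never enrolled.
function demo() {
  const server = new Server();
  const trusted = enrollDevice();
  const other = enrollDevice(); // never registered with the server
  server.register("alice", trusted.publicKeyPem);
  const sig = signRequest(trusted.privateKey, server.issueChallenge("alice"), "login");
  const accepted = server.verify("alice", "login", sig);
  const replayed = server.verify("alice", "login", sig); // challenge already used
  const forged = signRequest(other.privateKey, server.issueChallenge("alice"), "login");
  return { accepted, replayed, untrusted: server.verify("alice", "login", forged) };
}
```

Binding the signed message to both a fresh challenge and the requested action means a captured signature cannot be replayed or reused to approve a different request.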