There are several steps and features that makes Cotter a powerful authentication service for you. To use the most out of Cotter, these are the steps of how Passwordless Login, Trusted Devices, and Biometrics come together:
Cotter works as a universal single-sign-on for all websites and apps that integrates Cotter. Users who have verified their email or phone number once in any of the participating apps will not need to re-verify email & phone number. To enable this, Cotter uses the OAuth2 protocol.
Your users don't need to be redirected to Cotter's website, or even know that Cotter exists. You can embed Cotter inside your website and app.
Trusted devices works like DUO or Apple's Trusted Devices. Basically, we turn your mobile device into a security key such that your account is only accessible from the devices that you trust.
The way this works is we create a cryptographic keys and store it in your device's secure storage. We'll then use cryptographic functions to check the requests produced by the key in your device to authenticate account access. Learn more at FIDO.
Trusted devices are available for mobile apps, and websites with an accompanying mobile app. If your website don't have a mobile app and you want to utilize this functionality, your users can download Cotter app instead.
For extra security, you can protect these keys that we created using Biometrics (if user's device supports it), or a PIN. This Biometrics/PIN are handy to protect transactions or sensitive information such as medical records.