Sources of Auth Truth

Depending on your needs, for example speed and security of login, you can choose various combinations of authentication truth. For example, if most users are on desktops and you need convenience and speed, you may go for Biometric+Messaging.

Choose an authentication type to learn more about its authentication truth:
Truth Source - Smartphone's Biometric Sensors ONLY
Only the user who can unlock the device will be able to confirm Logintaps.

Best for use cases where using a messenger is not an option, for example, some corporate software; or when all users are on mobiles only and messenger becomes an extra step.

Security is extremely high and provided by the biometrics of the mobile device using the WebAuthn protocols. Logintap automatically switches between Face ID and fingerprint, depending on the device's capabilities.

For older devices without biometric sensors, a PIN code unlock will be initiated.
NO Biometric Data is Transferred/Received/Stored

The biometric data stays on the device itself and is never transferred. It is the device itself that checks for a matching fingerprint or Face ID, not the Logintap server.

The device generates and sends back security tokens to Logintap to relay whether the user passed the fingerprint/Face ID check.

The WebAuthn world standard is used, so a user is sent over to a unique hashed auth session web link to perform the biometry recognition, not to some proprietary black box native application with limited support.

Thus Logintap relies only on world-class software supported by world-class companies like Apple, Google, Microsoft, etc.
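
The sketch below is an added illustration, not Logintap's code and not part of the original page: it shows what a WebAuthn server receives and checks after the on-device biometric or PIN match, namely a signed 37-byte authenticator data block (relying-party hash, flags, counter) and no biometric template. The relying-party ID, function names, key pair and sample values are constructed assumptions.

```javascript
// Added example, not Logintap code: the server-side view of a WebAuthn login.
// RP_ID, function names, keys and values are constructed for illustration.
const crypto = require('crypto');

const RP_ID = 'login.example';                       // assumed relying-party ID
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Authenticator side (simulated): the biometric or PIN match happens on the
// device; only flags, a counter and a signature leave it.
function makeAssertion(privateKey, challenge, { userVerified, signCount }) {
  const flags = 0x01 | (userVerified ? 0x04 : 0x00); // UP = bit 0, UV = bit 2
  const authData = Buffer.alloc(37);
  sha256(Buffer.from(RP_ID)).copy(authData, 0);      // rpIdHash (32 bytes)
  authData.writeUInt8(flags, 32);                    // flags (1 byte)
  authData.writeUInt32BE(signCount, 33);             // signCount (4 bytes)
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'),
    origin: `https://${RP_ID}` }));
  const signature = crypto.sign('sha256',
    Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { authData, clientDataJSON, signature };
}

// Server side: checks made against the public key stored at registration.
function verifyAssertion(a, publicKey, expectedChallenge, storedSignCount) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad challenge';
  if (client.origin !== `https://${RP_ID}`) return 'bad origin';
  if (!a.authData.subarray(0, 32).equals(sha256(Buffer.from(RP_ID)))) return 'bad rpId';
  const flags = a.authData.readUInt8(32);
  if (!(flags & 0x01)) return 'user not present';
  // UV is a single bit: set for biometric OR device PIN; the server cannot tell which.
  if (!(flags & 0x04)) return 'user not verified';
  const count = a.authData.readUInt32BE(33);
  if ((count !== 0 || storedSignCount !== 0) && count <= storedSignCount)
    return 'possible cloned authenticator';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const challenge = crypto.randomBytes(32);
const good = makeAssertion(privateKey, challenge, { userVerified: true, signCount: 7 });
console.log(verifyAssertion(good, publicKey, challenge, 6));
```

Because the flags byte is covered by the signature, a relay cannot upgrade an unverified assertion by setting the UV bit afterwards.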

Truth Source - Instant Messaging Confirmations ONLY
The user confirms identity via a push notification received through one of the messaging services available on Logintap. We constantly work on adding more choices.

The messaging service is both an auth request conduit and a security check. Note that most messaging services employ their own internal security, such as phone number confirmation, device change re-signings and phone unlocks. However, messaging delivery alone, without the biometric confirmation, provides a weaker level of protection, mostly because most messaging services can also be installed on a second desktop device, and it is not always possible to accept YES confirmations from mobile only.

Best for use cases where quick and simple login is needed and no extremely valuable data or financial risk is there. For example, logins to customer service accounts of gyms, power companies, real estate management, etc.

Security is average, on par with SMS/TXT PINs, and is provided by tokens of messaging services.

No New Apps - Works for Billions of Users

Most other second-factor systems either require installing a custom mobile application on all your users' devices, which makes them unusable for consumer-type cases, or send costly SMS/TXT messages with one-time codes, making auth inconvenient and unreliable.

Logintap uniquely and innovatively uses the existing world-class software supported by major tech giants to deliver auth requests and receive confirmations.

Moreover, all that software is already on Billions of end-user devices, and everyone knows how to use it.
Truth Source - Biometry + Messaging
The phone's biometric sensors PLUS tokens received during messaging are needed to confirm logins. If anything does not match, Logintap will return an error.

Messaging acts as both an auth request conduit and an additional security check. Note that most messaging services employ their own security, such as mobile phone number confirmations, device change re-signings, phone unlocks, message encryption, etc.

Best for use cases where remote confirmation is a must. For example, e-commerce solutions can provide a WOW level secure login using this combination, or when the user who needs to confirm a transaction is NOT in front of a PC, like for business process signatures.

Security is extremely high and provided by the biometrics of the mobile device using the WebAuthn protocols. Logintap automatically switches between Face ID and fingerprint, depending on the device's capabilities.

For older devices without biometric sensors, a PIN code unlock will be initiated.
Truth Source - Hardware Tokens
A user needs to unlock the phone and apply the hardware token using NFC, BLE or USB to be able to confirm logins. If anything does not match, Logintap will deny authentication.

Transfer to mobile for token auth can happen in different ways, depending on your needs, for example using a QR code, an SMS auth link or a mobile messaging service.

This auth type is mostly used for corporate-type use cases, where hardware tokens are a part of corporate security policy. For remote-user cases, this scheme is not recommended, as it is often cumbersome and expensive to connect tokens and to exchange them when lost or broken.

Security is extremely high and provided both by the need to unlock the mobile device and by a unique hardware token by means of the WebAuthn protocols. This feature is enabled on Logintap's side, so please request it for your account at support@logintap.com.


Truth Source - Email Confirmation as EXTRA step
This step works as an ADDITION to other types of authentication, as a way to confirm a user's email address ownership before any other authentication is attempted.

The email confirmation appears when a user:
- was transferred to the mobile device for the first time and you want to confirm their identity by email
- logs in from a new device and we need to establish identity by email
- wiped clean the device's cache and browser memory

This auth type is often used for:
- OpenID Connect, as some systems DO require users' emails to create an account, or update an account with OpenID credentials.
- connecting the authentication from an unprotected environment, for example creating biometric access without the initial login.

Security depends on which other method is used, as email PINs are just an additional check and are mostly used for technical purposes, not for security improvements.

This feature is turned on in the Settings of your Logintap account, in the "Authentication mode" section.