Frequently asked questions
You do not. Actually.
Even in SaaS, we are designed in a way, that no one has any info on your users. We do not even have your user IDs in any way. You create new user in Logintap, receive our ID and use it for our system to work with. No user names, emails, passwords, nothing leading to your users.
Also, we could tell you all the smart security terms on protection, just like others do. All that is obviously present. But we made it simpler - we do not know neither your users, nor the actual application where you auth them into. Thats it.
For the on-premisses version, it is obviously even more secluded, as all works from your servers.
Even in SaaS, we are designed in a way, that no one has any info on your users. We do not even have your user IDs in any way. You create new user in Logintap, receive our ID and use it for our system to work with. No user names, emails, passwords, nothing leading to your users.
Also, we could tell you all the smart security terms on protection, just like others do. All that is obviously present. But we made it simpler - we do not know neither your users, nor the actual application where you auth them into. Thats it.
For the on-premisses version, it is obviously even more secluded, as all works from your servers.
You just quit and get back to how you work now. Stop your system from sending auth requests and that's it. As Logintap has no data on you users, there is nothing to take, give or download.
If using a Custom plan with your own branded messenger channels, you:
(a) fully keep your channels to yourself and
(b) can download connection pairs of your user IDs and messenger bot's user tokens to keep all user-bot subscriptions - using our API or simply asking for this table from our Support.
If using a Custom plan with your own branded messenger channels, you:
(a) fully keep your channels to yourself and
(b) can download connection pairs of your user IDs and messenger bot's user tokens to keep all user-bot subscriptions - using our API or simply asking for this table from our Support.
Just do a live test. It will take only a few minutes to see it work.
Go here - https://demo.logintap.com
Go here - https://demo.logintap.com
Visit our FULL FAQ section, where you will find answers about Security, Account Setup, Auth Channels
Ask us anything else and we will answer it as soon as we can. Please try the online chat available on this site or drop us an email to support@logintap.com
Ask us anything else and we will answer it as soon as we can. Please try the online chat available on this site or drop us an email to support@logintap.com
on Security & Anonimity
0. Second factor auth is the requirement for SOC2, and Logintap is THE easy and secure second factor auth.
1. We only use industry standards for integration and auth - 0Auth, Webauthn, JWT, FiDO2, etc.
2. We only use the most reliable request delivery mechanisms, used by billions users daily - messengers. No reliance on any custom made native application, which need lots of support.
3. We only use most supported browsers as fingerprint and faceID auth, made by Apple, Google and Microsoft, so all the best support is there and there is no reliance on anything custom made.
1. We only use industry standards for integration and auth - 0Auth, Webauthn, JWT, FiDO2, etc.
2. We only use the most reliable request delivery mechanisms, used by billions users daily - messengers. No reliance on any custom made native application, which need lots of support.
3. We only use most supported browsers as fingerprint and faceID auth, made by Apple, Google and Microsoft, so all the best support is there and there is no reliance on anything custom made.
User passes fingerprint or face ID on their own device. So essentially their device is used as a biometric token. All stays on the device itself. Logintap only verifies if the token is not corrupted.
So Logintap does not recieve, store or have any access to any user biometry.
So Logintap does not recieve, store or have any access to any user biometry.
1. Many people store names and passwords in browsers. If anyone gains access to a computer, the consequences are unfortunate. Logintap allows the same convenience - no need to remember login credentials, yet without storing any login data in browsers.
2. A mobile device is at hand most of the time, and in case someone tries to access the account, a user can remotely block it.
3. Logintap has 4 auth pillars and is designed in such a way that there is no break-in point that can allow any access to your system. Unique messenger tokens, dynamic JWT tokens and links, device hardware/software fingerprint, and the last, but as important ↓
4. Biometrics must be passed!!!
2. A mobile device is at hand most of the time, and in case someone tries to access the account, a user can remotely block it.
3. Logintap has 4 auth pillars and is designed in such a way that there is no break-in point that can allow any access to your system. Unique messenger tokens, dynamic JWT tokens and links, device hardware/software fingerprint, and the last, but as important ↓
4. Biometrics must be passed!!!
No,
We do not have any access to passwords or user names or to a place where you auth users. We use a user ID provided by your system, which we recommend to be a hash, to process use auth on their mobile devices.
We do not have any access to passwords or user names or to a place where you auth users. We use a user ID provided by your system, which we recommend to be a hash, to process use auth on their mobile devices.
1. People do not need to remember their passwords anymore. Yet, they will login fast and easy.
2. People do not need to write down their logins and passwords anywhere, to look for them anywhere, to lose them, to risk them being found by others, etc.
2. A great many people do not like using their social profiles for logins. Logintap is as easy to login, yet fully anonymous.
2. People do not need to write down their logins and passwords anywhere, to look for them anywhere, to lose them, to risk them being found by others, etc.
2. A great many people do not like using their social profiles for logins. Logintap is as easy to login, yet fully anonymous.
Yes, that depends on choice implementation. Go to Tech Docs, section 2.
If you want maximum convenience & security we recommend recognising users by their browser data, like a cookie and instantly sending a mobile auth request. This way a user taps a phone right upon opening your website/software and logs in without entering anything else.
So it becomes the main factor because:
1. It is just very convenient, so people who start using it, start preferring it.
2. Users do not input any logins or passwords to access their accounts anymore.
If you want maximum convenience & security we recommend recognising users by their browser data, like a cookie and instantly sending a mobile auth request. This way a user taps a phone right upon opening your website/software and logs in without entering anything else.
So it becomes the main factor because:
1. It is just very convenient, so people who start using it, start preferring it.
2. Users do not input any logins or passwords to access their accounts anymore.
Messenger bots do not provide any information on your users. Logintap only receives a hashed alphanumeric user's token from a bot at the moment of account connection. Thats a major difference with usual social network's SSOs, which share user profiles right away.
From a website/application Logintap only received some user ID. So your user is just a set of tokens for us - one yours, one messenger's, plus our internal ID tokens.
In fact our architecture is made in way, where we do not know websites/application's location or entry points. So we can not match, even if we want to from which system of yours does a user come in.
From a website/application Logintap only received some user ID. So your user is just a set of tokens for us - one yours, one messenger's, plus our internal ID tokens.
In fact our architecture is made in way, where we do not know websites/application's location or entry points. So we can not match, even if we want to from which system of yours does a user come in.
YES, however, we do not recommend relying only on Logintap. For example, if users lose control of a mobile device for a while, entering the account would be cumbersome.
So we recommend having an email or a phone number on your side as a login, so a user can retrieve access just in case.
Also, you need to consider that Logintap is fully anonymous. Meaning you will not get any information from us on user identity, social profiles, emails, etc, just the authenication credentials.
So we recommend having an email or a phone number on your side as a login, so a user can retrieve access just in case.
Also, you need to consider that Logintap is fully anonymous. Meaning you will not get any information from us on user identity, social profiles, emails, etc, just the authenication credentials.
It can work anywhere, as long as the installed software is "online" in any way, you can initiate auth calls from it.
For now, we do not offer any backend libraries for native applications, meaning that you will need to do API calls from scratch within your software.
Email us for assistance at support@logintap.com
For now, we do not offer any backend libraries for native applications, meaning that you will need to do API calls from scratch within your software.
Email us for assistance at support@logintap.com
1. You only send your user ID to Logintap to start authentication, which is most often a unique alphanumeric hash. There is no emails, no logins, no passwords, no social profiles involved.
2. We only receive another "hashed" user ID from messengers, no user data or social profiles.
3. All the auth exchange happens with just these IDs
2. We only receive another "hashed" user ID from messengers, no user data or social profiles.
3. All the auth exchange happens with just these IDs
In addition to the usual things like SSL/TLS, firewalls, cryptography, monitoring, backups, and other SOC related things, we have several important design additions:
1. There is absolutely no important information stored on any of the accounts - just user ID pairs. None of this makes any sense without the incoming authentication session on your side.
2. Every account in Logintap is a separate instance with own DBs, API keys, endpoints, etc. So no customer of ours works with the same data sources in any way. Furthermore, your projects/applications within the Logintap account are also separated. Furthermore, servers are separated into clusters, as well.
3. The only shared item between all the accounts working under Logintap brand are messenger bot's endpoints, which can be changed to your branded ones on Custom accounts. Messengers are just a mechanism to deliver auth requests and provide a response back.
1. There is absolutely no important information stored on any of the accounts - just user ID pairs. None of this makes any sense without the incoming authentication session on your side.
2. Every account in Logintap is a separate instance with own DBs, API keys, endpoints, etc. So no customer of ours works with the same data sources in any way. Furthermore, your projects/applications within the Logintap account are also separated. Furthermore, servers are separated into clusters, as well.
3. The only shared item between all the accounts working under Logintap brand are messenger bot's endpoints, which can be changed to your branded ones on Custom accounts. Messengers are just a mechanism to deliver auth requests and provide a response back.
In general, Logintap is a full substitute to authentication applications offered by several providers.
BUT:
1. It is faster to auth with Logintap because auth request is instantly Pushed into user's device, when with most authenticator apps a user needs to find the app on the device, open it, and snap a QR code of the desktop screen, or worse - enter a long alphanumeric code.
2. Logintap does not rely on any self-made native applications, as do other authenticator apps, thus we do not need to waste resources on updating the app with every iOS and Android update, which makes our service more reliable.
3. Users do not need to install any new apps on their devices to use Logintap auth, thus making it a mass-market kind of security system, available to every user you already have - right away.
BUT:
1. It is faster to auth with Logintap because auth request is instantly Pushed into user's device, when with most authenticator apps a user needs to find the app on the device, open it, and snap a QR code of the desktop screen, or worse - enter a long alphanumeric code.
2. Logintap does not rely on any self-made native applications, as do other authenticator apps, thus we do not need to waste resources on updating the app with every iOS and Android update, which makes our service more reliable.
3. Users do not need to install any new apps on their devices to use Logintap auth, thus making it a mass-market kind of security system, available to every user you already have - right away.
on Auth Channels
We do have this option for Android. Our system automatically detects iOS and does not offer this option on iOS, as it is not possible on iPhones.
But since our goal is not just convenience but also security, we offer this option only on Custom accounts, for now.
Another issue is that browser Push is not as 100% reliable, as are mobile messengers in request deliveries and are also not easily findable on some phone models.
But since our goal is not just convenience but also security, we offer this option only on Custom accounts, for now.
Another issue is that browser Push is not as 100% reliable, as are mobile messengers in request deliveries and are also not easily findable on some phone models.
It has to do with the fact that WhatsApp messages are only a "paid for" service and can run up bills really fast. Also, WhatApp can ONLY use mobile phone numbers, as the "user's address" for auth requests, and relaying and storing those can run against local laws in some countries.
So, for now, our choice is to add WhatsApp only on custom on-premisses accounts, where the business is directly responsible for these bills and for storing phone numbers.
So, for now, our choice is to add WhatsApp only on custom on-premisses accounts, where the business is directly responsible for these bills and for storing phone numbers.
Yes. But it works differently from other auth services, where users open text message and enter PINs from it on a website.
Logintap is much easier for users. Open the SMS/TEXT - press the link. Thats it. You can use it as the ONLY factor as well.
It is a paid for extra service, for now, thats why it is only available on Custom accounts.
We are working on making it close to free for the US/Canada users and available on "Non Stop", account too. Follow us to know, when this happens.
Logintap is much easier for users. Open the SMS/TEXT - press the link. Thats it. You can use it as the ONLY factor as well.
It is a paid for extra service, for now, thats why it is only available on Custom accounts.
We are working on making it close to free for the US/Canada users and available on "Non Stop", account too. Follow us to know, when this happens.
Yes, on Custom and branded accounts.
You can use it to inform your customers, to onboard them, to make internal process confirmations, etc.
You can use it to inform your customers, to onboard them, to make internal process confirmations, etc.
on Account Setup
Yes, that depends on choice implementation. Go to Developer docs.
If you want maximum convenience & security we recommend recognizing users by their session data, like a cookie in browsers, and instantly sending a mobile auth request. This way a user taps a phone right upon opening your website/software and logs in without entering anything else.
So it becomes the main factor because:
1. It is just very convenient, so people who start using it, start preferring it.
2. Users do not input any logins or passwords to access their accounts anymore.
If you want maximum convenience & security we recommend recognizing users by their session data, like a cookie in browsers, and instantly sending a mobile auth request. This way a user taps a phone right upon opening your website/software and logs in without entering anything else.
So it becomes the main factor because:
1. It is just very convenient, so people who start using it, start preferring it.
2. Users do not input any logins or passwords to access their accounts anymore.
It can work anywhere, as long as the installed software is "online" in any way, you can initiate auth calls from it.
For now, we do not offer any backend libraries for native applications, meaning that you will need to do API calls from scratch within your software.
Email us for assistance at support@logintap.com
For now, we do not offer any backend libraries for native applications, meaning that you will need to do API calls from scratch within your software.
Email us for assistance at support@logintap.com
It is totally FREE, as long as you stay within included limits.
We do not put a limit on how many you can connect to an account.
Each website is called a Project or an Application within Logintap. Each project of yours has it's own webhook addresses, which might not even be on the domain, where you use Logintap.
There is no user transfer between applications/website of the same account. So if you want the same user to be using Logintap in several of your services, for us it will be just a new user for every "application".
Each website is called a Project or an Application within Logintap. Each project of yours has it's own webhook addresses, which might not even be on the domain, where you use Logintap.
There is no user transfer between applications/website of the same account. So if you want the same user to be using Logintap in several of your services, for us it will be just a new user for every "application".
It means we can store unlimited number of user IDs for you.
However doing the actual auth requires much more servers and power, so our Unlimited Users acounts are charging is based on the number of "auth jobs".
We reserve the right to "clean up" user ID database for those IDs which are not in use for over 12 month.
However doing the actual auth requires much more servers and power, so our Unlimited Users acounts are charging is based on the number of "auth jobs".
We reserve the right to "clean up" user ID database for those IDs which are not in use for over 12 month.
Just do not send us the auth request for the users you do not want.
2020 - 2023 Logintap.com
All rights reserved
All rights reserved
Contact us
This Section Is Under Construction.
We plan to release it within a few weeks.
Leave us your email and we will inform you when this is done, or when other Logintap news are out.
Leave us your email and we will inform you when this is done, or when other Logintap news are out.
Please note, that by submitting your email you agree to our privacy rules, as described in the footer of this website.
Sign Up
Press to login into an existing account or recover your password.
By submitting this form you agree to legal Terms and Privacy rules. Links for these could be found in footer of this website.
By submitting this form you agree to legal Terms and Privacy rules. Links for these could be found in footer of this website.
We use cookies to personalize content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you've provided to them or that they've collected from your use of their services. You consent to our cookies if you continue to use our website.
OK
|
