Switching to authorization by mobile phone only?

What pitfalls can arise when switching to authorization via mobile phone?

For anyone who does not follow (though I hope there are none)): this means the login/email and password pair is dropped entirely.
Only the phone -> received an SMS -> entered the code; if it is correct, the user is authorized and the IP is recorded in the database; if they come from the same machine, they are authorized and no new code is sent.

So far the only thing that comes to mind is losing the phone.
September 19th 19 at 00:06
1 answer
September 19th 19 at 00:08
Lost the phone/number, or roaming dropped out (or there is none) - and it's goodbye.

As practice shows, this is not a problem.
A phone number is much easier to recover than stolen email.

I see several other problems:
1) The cost of sending SMS. Authorization is generally a fairly frequent event, so a lot of SMS will have to be sent.
2) Users are wary of the idea of entering on websites anything that arrives via SMS; all those stories with subscriptions have taught them something after all.
3) A long authorization process: waiting for the SMS to arrive, then the user retyping the code. If any ordinary site had such conditions, I as a user would spit and walk away.

In general, I see no reason why authorization should be done through a one-time code.
If the application has higher security requirements, you need to use a login and password, plus the nonce (because the phone can be stolen and used to log in).
If the application is an ordinary one, it is better to use a phone-number login and a password, and to use SMS to recover the password or to send the password at registration.
PS
> authorized, the ip listed in the database came from the same machine is authorized, no new code sent

It is better to set a cookie and check for its presence, additionally checking the IP if the cookie is present.
UPD
Confirming any critical action by SMS with a one-time code has long been the standard in the banking industry and is gradually spreading to others. Two-factor authentication (for the user in critical cases, and force - critical) and password recovery are a great case for SMS.

In fact we have no other way to validate the user.
Either an iOS app with biometrics or a one-time SMS.
If a normal operator is chosen, a phone number is the only means of communication with the user that the user cannot unknowingly lose for a long time.
A number is especially easy to restore when you're abroad or can't get out of the house. - sean_Hilll commented on September 19th 19 at 00:11
I think that if a person loses their phone abroad, or has been locked in the house and cannot reach it, access to some web service is obviously not the first issue they will be solving. - Jaqueline.Parisian commented on September 19th 19 at 00:14
And here is another problem: the person is abroad and really does not want to switch the phone on, since 1 SMS is 30 rubles; you switch the phone on and just get bombarded with these texts? - roosevelt_Barrow commented on September 19th 19 at 00:17
Two cases from my personal life:
1) Arrived in Sweden; roaming was enabled and the account had been topped up, yet there was no connection.
2) Sat at home for a month with a broken leg and ribs; the SIM card died.
A pity, and goodbye to the client bank with confirmation of operations via SMS. - sean_Hilll commented on September 19th 19 at 00:20
Incoming SMS have long been free in international roaming with all operators known to me. - Jaqueline.Parisian commented on September 19th 19 at 00:23
> confirmation of any critical action SMS with one-time code - a long time ago the standard in the banking industry and gradually penetrates into the other.

And here, no way. Normal, customer-oriented banks don't make confirmation via SMS the only available method. - sean_Hilll commented on September 19th 19 at 00:26
1) There was such a problem, though in Asia; it took a good 20-minute call from a backup phone to friends in Russia, asking them to argue with the operator.
2) A sad case, yes. But obviously not a widespread one. If you critically need it, you have to do something anyway.
You can call a notary to the house, write a power of attorney for someone else and restore it.
I honestly can't imagine how you can live a month without a SIM card.
But as I wrote above, this is quite rare, whereas people's losses if you allow operations without SMS will be massive and considerably greater. - Jaqueline.Parisian commented on September 19th 19 at 00:29
Normal customer-oriented - who is that? - Jaqueline.Parisian commented on September 19th 19 at 00:32
I will say this: under the Visa/Mastercard 3DSecure protocol, which normal banks strictly require for payments over 10-15 thousand rubles, SMS is in principle the only way to confirm a payment via Internet acquiring. - Jaqueline.Parisian commented on September 19th 19 at 00:35
Well, for now I've been persuaded not to do it; I was just wondering, because one part of the users doesn't need authorization, and for the second part a cell phone is mandatory, as it is the only normal means of communication with them (half are people over 30 who have 5000 unread emails in their mailbox and remember the website password only for the first 5 seconds during registration). - brandon_Balistre commented on September 19th 19 at 00:38
> but people loss if to allow operation without SMS

There will be no losses if the question is approached properly: I am now served by two banks where, in addition to confirmation via SMS, there is a card with one-time codes.

> when you pay more than 10-15 t. R - SMS is in principle the only way to confirm payment via Internet acquiring

Not the only one, but perhaps banks in Russia do not know about it or do not want to bother. - sean_Hilll commented on September 19th 19 at 00:41
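
Added example, not part of the original thread: the flow from the question with the answer's PS applied, i.e. a one-time SMS code followed by a signed device cookie that is checked first, with the IP as an additional check. All names, the TTL and retry values and the in-memory store are assumptions; handing the code to an SMS gateway is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret kept server-side
CODE_TTL, COOKIE_TTL, MAX_TRIES = 300, 30 * 86400, 3  # assumed policy values
_pending = {}  # phone -> [code_mac, expires_at, tries_left]; stand-in for a DB table

def _mac(*parts):
    # Phone numbers, IPs and digits never contain "|", so the join is unambiguous.
    return hmac.new(SERVER_KEY, "|".join(parts).encode(), hashlib.sha256).hexdigest()

def issue_code(phone, now=None):
    """Create a 6-digit one-time code; only its MAC is stored."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[phone] = [_mac("otp", phone, code), now + CODE_TTL, MAX_TRIES]
    return code

def verify_code(phone, code, ip, now=None):
    """Return a signed device cookie on success, None otherwise."""
    now = time.time() if now is None else now
    entry = _pending.get(phone)
    if entry is None or now > entry[1]:
        _pending.pop(phone, None)
        return None
    entry[2] -= 1  # count the attempt before comparing
    ok = hmac.compare_digest(entry[0], _mac("otp", phone, code))
    if ok or entry[2] <= 0:
        del _pending[phone]  # single use; locked out after MAX_TRIES wrong guesses
    if not ok:
        return None
    expires = str(int(now + COOKIE_TTL))
    return "|".join([phone, ip, expires, _mac("dev", phone, ip, expires)])

def check_cookie(cookie, ip, now=None):
    """Return the phone number if the cookie is genuine, unexpired and from the same IP."""
    now = time.time() if now is None else now
    parts = (cookie or "").split("|")
    if len(parts) != 4:
        return None
    phone, cookie_ip, expires, sig = parts
    if not hmac.compare_digest(sig.encode(), _mac("dev", phone, cookie_ip, expires).encode()):
        return None
    if not expires.isdigit() or now > int(expires) or cookie_ip != ip:
        return None
    return phone
```

When `check_cookie` returns `None`, the site falls back to `issue_code` and a fresh SMS, so an IP match alone never authorizes anyone.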
