Twitter, as part of its new mobile-centric development studio, Fabrics, has debuted Digits, a tool to help app developers add quick, safe and convenient user authentication.
The idea behind Digits is to skip usernames and passwords entirely, static things that can be mimicked or stolen, and replace them with a physical object — a smartphone — and a one-time-use code.
If this sounds similar to regular two-factor authentication, it is: Digits takes a user’s phone number, which is usually paired to a single device, and sends him or her a one-time six-digit code to complete the login. The company notes that since these single-use logins are usually sent to a phone number after logging in with a username and password, the process will be familiar to users, and save them from having to remember yet another password.
“Phone-based onboarding has been limited to large companies who can afford the time to build the infrastructure to deliver SMS — until now. With Digits, you gain the same level of security and SMS capabilities by simply plugging into Twitter’s own trusted, global infrastructure.”
Digits, unlike Twitter Connect, is not directly tied to Twitter, but is freely available for anyone to integrate into an app. Twitter notes that phone numbers are the primary form of authentication in many parts of the developing world, but are kept local due to the high costs of facilitating SMS relay. With Digits, Twitter picks up the cost of the backend infrastructure, and merely asks developers to show a Twitter logo in the process.
The code is reportedly easy for developers to implement, and supports for Android and iOS apps.