Frequently asked questions

If you have a question we have not answered here please do email it to us: team@did.app

What happens if my device is broken?

You can always fall back to using email authentication to login. If your device gets broken, simply login from your new device using the same email address and then authenticate that new device in the same way you authenticated your original device.

What happens if my device is lost or stolen?

In this case your device could be accessed by someone other than you. Your devices should always be locked either with a pin code or biometric key such as your fingerprint or face to prevent thieves accessing any of your device’s data.

As an additional security step you can remove authorisation for the lost or stolen device inside your DID account (this feature is currently being developed).

What happens if I want to sell my device?

Before you sell any device you would need to remove all of your personal data including any keys used by DID to authenticate that device.

If you forget to remove all your data from the device when you sell it you can remove authorisation for that device inside your DID account at any time (this feature is currently in development).

How is account recovery via email secured?

A link containing a single use code is generated and emailed to the user. As only the owner of the email address can receive the link only they can access the account.

Can DID be whitelabelled on my website?

The style and appearance of DID on your website can be customised. Any customers on a paid plan can also remove the ‘Powered by DID’ link.

Why wouldn’t I just use social logins?

DID is more convenient to use than social login. Users that do not have Facebook or Google accounts cannot use those social logins. If the user does have an account with Facebook or Google they still need to log into it using an email address and password.

Login method choice can cause confusion for the user. Some confusion can also occur if a user has previously signed up with Facebook but now tries to login with Google or vice versa.

There is also a security threat to consider. If a Google or Facebook account is compromised the hacker now has access to all the websites which the social login has been used to grant access.

Some users are also aware of the privacy concerns around the business models of Facebook and Google and their motivations for providing login functionality for tracking purposes.

DID offers a simple, secure solution that is easier to use than social logins and respects the user’s privacy.

What is wrong with passwords?

Passwords present many problems that cause security vulnerabilities and usability issues. Here are three of the main problems explained:

Phishing

Phishing is a systemic problem. Even the best possible password is vulnerable to phishing. In 2016, 5700 passwords were stolen every minute. Unfortunately, users unknowingly hand their passwords over to hackers during phishing attacks.

Users often reuse passwords for many websites so when a phishing attack takes place many accounts are compromised at the same time.

The Human Factor

The average user has around 100 passwords, many have more. Creating and remembering these passwords is hard so the average user tends to ignore password security guidelines on aspects such as complexity and length and often uses the same password for multiple services. The result is that passwords are easily guessed by bots.

Keystroke Logging

Malware on devices can record the keys pressed in order to steal a password.

For a deeper look at the issues surrounding password theft read this post by Alex Weinert at Microsoft Tech Community.

Do password managers solve the problems with passwords.

Password managers are a way to manage and remember large numbers of passwords but they fundamentally don’t solve the security issues with password theft. A user can still be tricked into handing over their password during a phishing attack. The password manager’s ‘master password’ grants access to all username and password combinations stored in the password manager and is vulnerable to the same risks as any other password. Password managers are a high-value target for hackers.

Using a password manager is a choice the user has to make and, in some cases, pay for. The website owner has no control over how well the user looks after their passwords either in a password manager or not. DID is different because the website owner chooses to use it to improve user experience and remove the password problem.