@dougw love the idea but found two very annoying bugs... the first i can't enter the numbers with the number pad on my keyboard, the second bug reduces the size of the popup as I enter each character on my email. Also I'm in The Netherlands and it works here :)

@davidiwanow thanks. what type of device, OS and browser? We'll take a look.

@davidiwanow thank ya. stand by.

Congrats, I love how simple you guys have made the whole auth process. Although I have one question, in your website you show that when user is authenticated, I get his/her name, email and probably a profile pic, how do you guys get that info? Does that info gets updated for all the services that use cooper whenever a user updates his/her info, assuming that he/she can?

@dougw what happens if I change my phone number, and forget to update copper before losing access to that number? That means once the carrier recycles my number and gives it to someone else, they can get into my account?

@gopietz not copper team but this is probably one of the first things you want to do even if you have/don't have copper: get hold of your phone company, tell them to block the sim-card / phone and issue a new sim-card to you (with your existing number).

@gopietz if your phone is stolen, and you aren't protecting your phone with a password or Touch ID, then you are going to have problems with a service like Copper, which uses your exclusive access to your text messages to verify your identity. But then again, if you haven't locked your phone, a bad actor would presumably have access to your apps, and your email which can be used to reset passwords on nearly every account. So we're counting on people locking their phone, which is happening more and more, as people understand the risk of not doing so. All that being said, SMS has many issues which we recognize, and we will move away from it, but the ubiquity is too hard to ignore for now.

@dougw thank you for the reply. Lets say the phone is locked and the thief has access to the phone number. (Im not sure if an attacker could identify the phone number from a locked phone) wouldn't that also be a problem since the lock screen shows the texts? Also, how could I log in while my phone is gone? It takes some time until my provider can send me another sim card.

@gopietz if you lose the keys to your house with address attached, that's a problem. Similarly, if you leave your phone unlocked or messages visible without unlocking, then you've left yourself open to a similar risk on the digital side. Most people lock their devices and messages now as our phones become central command for our lives, and we're leaning into that trend. All that said, there are some obvious things like backups in the event of a lost phone, and ameliorating some of the security and deliverability issues with SMS that we'll get to in short order.

@dougw The problem here I think is that for copper, even if my phone is locked and everything, a thief can still take out the SIM card and put it into another phone, access the phone number and then everything else. Apps are tied to a device, but phone numbers are tied to SIM cards. Another (minor) issue is international travel.

@lajlev I am from the UK, with a UK mobile number and could use it just fine, with my international code at the start (44)

@lajlev for real? So disappointed that I can't try it :(

@lajlev Doesn't seem to work with my Swedish phone number either.. Shame, since it proclaims "Welcome anyone with a mobile number"

@lajlev They should help us with the format number. I'm from Argentina and i can't enter the number right.

@lajlev it should work internationally. include your country code with the standard + notation (e.g. a UK number would be +44 7903595880). We had an ops setting that prevented a handful of countries from working, but that should be sorted now.

@levibostian fair enough! 😆 If they now would allow me to store phone numbers as well, my current workload would be reduced by almost 60% 😂

@levibostian @ihatedotpink you should have seen our first versions, totally Copper branded. But we've listened and learned and have fought hard to pull all of that back because we heard that makers want to offer a great experience for the people they serve. We want makers to see what we're doing as an off-the-shelf solution to a problem common to many apps, how do we register and authenticate users, which means this trend will continue.

@ihatedotpink @levibostian you can store phone numbers, and any information you ask for from the user. Just be sure to add 'phone' as one of the items you ask for and it will be returned when the user completes the auth.

@dougw Thanks for the explanation. To get it perfectly right: I need to ask the user for his phone number twice? First he needs to enter his phone number to verify the number and then in a next step he needs to enter his phone number again to actually store it in the db? Is that correct?

@ihatedotpink @dougw only once. If you add 'phone' as one of the items you ask for, Copper will auto-complete the number field for the user in the next step (since they entered it in the first).

@johnnyquachy I think it depends on the users. There's something to be said for social signup and coding your app so if they sign in with different social networks it doesn't create duplicate accounts. I've seen many apps that do just that. I sign in with facebook one day, sign in with twitter/google the next day. It's easy enough to do, and then you have two accounts. To rectify that, you have to code your app to be able to take those accounts and merge them together. Either by having additional options on the profile page and having the user signin to each one, or by doing it seamlessly from the login screen. Doing a phone number login takes that out of the equation, especially on mobile. It doesn't work as well on desktop or tablet of course.

@thehashrocket @johnnyquachy Or just sign in with the same social account. I m not necessary the same person on facebook that I m on twitter :)

@ekambos @thehashrocket fair enough. These don't seem like huge problems. If you want to make 100 accounts in facebook or gmail you can. This is solving a developer problem? I guess a fairly small one.

@parkeragee free as in beer at the moment. We want to take a different model where we find value added services for the people we serve, and not charge developers or sell user data to marketers. The opportunity we see is to build a product where our users are also our customers.

@jbrooksuk @namzo it'll work internationally... some of our international friends here found a bug preventing the code from being sent to some countries. What's launching without the help of new friends to iron out some things, right? 😎 Try it again and you should be good to go.

@namzo we had a bug this morning that prevented deliverability to some geos -- but that was fixed so give it a try -- from wherever you are.

@jimcanto There is more of an usability and trust issue here. Implementing the mobile number as the prime authentification method is a huge emotional investment to ask from a prospecting user. This is not a commitment for 2-way authorization hence a second security layer that already ensured the user being involved and having a foot in the door in the users mentality. The mobile number has been shown to be a way more intrusive information to ask for then compared to an anonymous account and mail or oauth.

@andmitsch Sounds like a good thing if one is interested in thwarting spam accounts within their app. And, to your point; it would require the app be compelling enough to meet that trust threshold. Interesting.

@jimcanto @andmitsch I think I'd use it in my app (wip) if I make signup itself optional. Users can be onboarded without any signup and only asked to authenticate by phone number for a certain app feature when they clearly see value doing so. Not at the beginning of using a new app, I wouldn't give my phone number at first if I'm the user.

@garyfung @andmitsch ...wouldn't give phone number? Even if you believed it would not be kept, used, or sold? Or would you simply not trust those promises at first?

@jimcanto @andmitsch Wouldn't trust promises from a new app I don't know but just trying at first. And I'm speaking as putting myself in a normal user's shoes.

@nagra__ yes, we'll get there. want to help?

@nagra__ you've written more than me, no doubt. Shoot me a note: doug@withcopper.com

@noxowe let me know how I can help.

@reot004 I'm a long-time 1Password user, so I know your pain. Using strong, unique, well-secured passwords is hard. Storing them securely is hard for both the people that own them, and the services that rely on them. I'm sure you've seen the Twitter and LinkedIn breaches from this week. Our belief is that passwords are a problem worth solving, not managing. Now that we all carry around always-connected, unique devices in our pockets, we see an opportunity to do just that.

@steve228uk I worked at Twitter and this does not make me nervous.