1. Home
  2.  → DID

DID

The simplest way to add passwordless auth to websites & apps

DID is the fastest and simplest way to get authentication done on your website. DID authenticates with a key pair stored on the user’s device. Authentication is instant and passwordless. DID is an identity provider compatible with Oauth and Open ID Connect.
Embed
Featured
discussion
Would you recommend this product?
Peter Saxton
Maker
Replacing email with something better
Hi everyone, We are Peter and Richard and we are excited to share DID with you. DID was created so that we could all stop using passwords. Most of us have too many passwords and we don't like using them. Not wanting to remember the details of another account is often the reason I don't sign up for a new service. Creating DID has show us there can be a better way to handle authenticating for a service. We really like it and hope you do to. Let us know what you think, and we are of course happy to answer any questions. Cheers
Share
Yatima KagurazakaKagurazaka HI
@crowdhailer Thank you for your cool product information. So what do you think about its strength against competitors like Firebase Auth or Auth0?
Share
Peter Saxton
Maker
Replacing email with something better
@yatima_k The alternatives you mentioned make it very easy to do Authentication the established way, for example using email + password. We aim to offer just one way to do authentication, that is the way your users will find simplest.
Share
Duarte Martins
Founder @ noo.coffee
Genuine paradigm shift - this can do wonders for conversion rates by reducing friction.
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
@duarteosrm Thanks Duarte. I think there is certainly potential for supercharging conversion rates, particularly once a DID user who already has already trusted a device visits a new website using DID, they can sign in with just one click. There is such a lot of friction with asking a user to choose a username and password. Our challenge is evidencing that improvement in conversion rate in order to sell that as a feature. Hopefully in time, working with our community of users, we'll be in a position to evidence significant improvement in conversion rate.
Share
Duarte Martins
Founder @ noo.coffee
@richardesigns I look forward to implementing it!
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
@duarteosrm wonderful! Please let me or Peter know if you would like any help.
Share
I've been impressed whilst trialing this. I thought the first site I visited with DID was almost frictionless but it just get's better with each site after that. I've not tried jumping between devices, how is that handled?
Share
Peter Saxton
Maker
Replacing email with something better
@lewisea thanks for the kind comments. We handle recovery of accounts via email. It is also possible to use you email to add multiple devices to the same account. All of this is handled by DID and when building a website or app you will just have a single identifier for the user to work with
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
@lewisea Hi Lewis, thanks for your question. If you signed up using your mobile phone, for example, and then wanted to sign in on your laptop DID issues a link to your email which you use to authenticate on the new device. You can choose to authorise multiple devices, a phone, a laptop, a tablet for example. DID then provides you, the end user, with a list of all the devices you have authorised so you can easily manage them. This is slightly easier, we've found, than trying to use a password manager across multiple devices. Does this answer your question?
Share
Almar KleinIndie software engineer
I've previously liked the idea of using social accounts, which prevents the user from having to deal with yet another password. Plus you can rely on that social network's security measures. However, I've always hated that you're essentially locking your users into a 3d party company. With DID's approach, you have the same benefits, without the lock-in!
Share
Peter Saxton
Maker
Replacing email with something better
@almarklein cheers. Another problem that we aim to fix vs those social login solution, is that we don't have a business model that relies on tracking our end users as the sign in to different services
Share
Peter Vandendriesse
Founder, Guestboard.co
Super interesting, as passwordless login has been a friction point for us, in finding the right "balance" of pleasing users. (Some love passwordless, some want passwords, some want SSO via social, but having all of these would be ultra confusing and result in multiple accounts). I actually inadvertently have multiple PH accounts due to bouncing between their SSO options. Brutally-honest nitpick - your explainer video comes across as very amateurish with the low-budget, animate-a-doodle stuff. This is a big step in the right direction for user experience and tech, and should be treated as such in that video. I'd recommend dropping the goofy music and doodles and focus on a clean video that shows exactly what the end user would see/experience using DID, as well as a few points addressing security measures taken. Hope that helps, and good luck!
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
Hi Peter, Thank you for your insights into how you've been considering authentication for your application. In addition to your comments about SSO, we also found that some users complain they can't remember which social account they used to sign into a service with (was it Facebook, was it Twitter etc) so they then have to go through the options trying to remember. A once convenient feature becomes very inconvenient in that scenario. Thank you as well for your honest feedback on our explainer video. At the moment, Peter and I are self-funding DID and as a result we are strapped for funds and time is very prescious. We made that video ourselves with tools we could get our hands on quickly and easily and I very much agree with you that it isn't perfect! In the very near future we would both like to add more production value to our explainer video. We didn't mean to trivialise the subject, you're right, the opportunities for user experience that passwordless authentication offers does deserve more production value. Very helpful comment and thanks again.
Share
Peter Vandendriesse
Founder, Guestboard.co
@richardesigns Totally understand getting something fast and cheap (we're bootstrapping too), but figured it was worth mentioning. Hope i didn't come off as a dick! :)
Share
Peter Saxton
Maker
Replacing email with something better
@richardesigns @pvan1201 Not at all, and we don't think your wrong.
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
@pvan1201 haha, not in the slightest. Bootstrapping - move quickly, maybe make a goofy vid. My new mantra. What's your product? We probably owe you a +1.
Share
Peter Vandendriesse
Founder, Guestboard.co
@richardesigns we're a couple weeks away from our PH launch. But i wouldn't post it here anyway - today is about you guys! :)
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
@pvan1201 - please see my reply to your message above. Thanks for your comments.
Share
How comes, that i have to give u an email " Instead of One Click " to register at ur website??
Share
Peter Saxton
Maker
Replacing email with something better
@sven_kudszus email is used for recovery of lost devices. Because we are moving to a new paradigm the email first flow is best for conversion rates, as it confuses fewest visitors. All the keys are stored on in your browser in the mydid.app domain. If you want to try you can: - visit mydid.app first set up your device, still with email backup. - Then when you try to sign up at did.app to sign up with a single click for as long as you have that device, or until you clear your history
Share
Kevin QuinnBuilding stuff at https://happybara.io
Cool product, though the private key stored locally brings up a question. Can you explain what options a DID user has if their laptop containing the private key is stolen?
Share
Richard Shepherd
Maker
Founder at Plum Mail, designer/dev
@idontremember Hi Kevin, thanks for your question. If any device is lost (including a laptop but it could be a phone or tablet) then the user has the option to untrust that device from inside their DID account. The user needs a device that isn't lost in addition to the one that is lost but if the user can access the internet, they can access their DID account and untrust a previously trusted device. What we also found during our testing and gathering rounds of feedback is that devices tend to be locked either with a pin code, a device password or something more personal like your face scan or fingerprint scan. If the device is lost, the theif would still need to access the operating system. It's worth adding I feel that, while devices do get lost and stolen, they are much harder to steal than a digital password is to phish or crack for example. We advise users to only trust devices that are secured with biometrics or pin codes to mitigate this risk, however. In addition to this, if a device is stolen that has no 'lock', the thief could still access websites that have long-lived sessions or 'saved passwords' in exactly the same way. Our aim has always been to make sure DID's device authentication at least as secure as a username/password sign in with our focus being on convenience for the user and potential conversion improvement for the website. I hope this answers your question, please let me know if you have any other comments and thank you for your interest in DID.
Share
Alex TassoneHead of fintech product in NYC
Cool product given the CX it can achieve. How has your feedback around "security concerns" been so far and are you looking to take this to enterprise products too?
Share
Peter Saxton
Maker
Replacing email with something better
@alextassone once people realize that almost every password based authentication solution has an email reset and that DID is at least that secure we have received good feedback. We are focused on improving User Experience without any compromise when compared to existing system. We think we have achieved that. There are enhancements that could add even greater security, such as locking you account to only be accessible from trusted devices, i.e. no more email reset. These are things which we can roll out overtime with customers of DID having to make no changes to their integration with DID, these features are on our Roadmap. Could you expand a bit on what you mean by enterprise product? Something that enterprises could use to authenticate there own employees?
Share
Alex TassoneHead of fintech product in NYC
@crowdhailer yeah sure. It is for both internal enterprise tools and also for enterprise grade products such as a new mobile app for financial traders at the large banks.
Share
Peter Saxton
Maker
Replacing email with something better
@alextassone We would potentially tackle these audiences however the market is quite crowded for very high security requirement solutions. So we prefer to focus on improving CX and then look to add the enhancements I mentioned in the previous comment.
Share
Alex TassoneHead of fintech product in NYC
@crowdhailer cool, thanks!
Share