Cotter (YC W20) – Secure One-Click Phone Number Login

Hi, HN!

We are Putri, Anthony, Kevin, Michelle, and Albert from Cotter (https://www.cotter.app).

Cotter is an authentication SDK that lets users log in to your website/app securely using phone numbers, without a password.

We built Cotter because authentication that works in the US doesn’t work in Southeast Asia, India, LatAm, and Africa. People there prefer to use phone numbers to log in because they don’t use email and good passwords are hard to remember.

We come from Indonesia. Over there, in order to reach more people, mobile apps make their login easily accessible to everyone, which has resulted in the removal of emails and passwords. They made SMS-based authentication a standard across sign up, login, and transactions.

However, SMS-based authentication comes with a security tradeoff and costs both users and businesses millions of dollars. Scammers have figured out several ways to extract verification codes via social engineering, SMS forwarding, and SIM-swapping. One of us has lost money due to SIM swapping and we've seen family relatives lose their digital wallet balances from social engineering. It’s easy for these scammers to extract the verification code from their target. The victims of this misconduct tend to be ride-hailers, online merchants, and other people whose income depends on mobile apps, so this issue can hit hard.

To address this, we've built a secure authentication SDK that has the convenience of only using a phone number but does not have those security drawbacks.

Cotter is unique in 3 ways. First, integrating with Cotter is very fast and easy - developers can provide a full-suite authentication including login, SMS one-time password, Trusted Device, Biometric, and PIN in just a few lines of code.

Second, Cotter works across apps/websites, just like Google Sign-In. Once the user’s phone number is verified in one app, the user doesn’t need to re-verify their phone number again in other apps - one user does not have to be verified over and over again.

Third, Cotter is secure. It works like Apple’s Trusted Devices where users can only log in from a Trusted Device. It also works from within your app (no third-party authenticator app). We are following the FIDO protocol for this. Cotter’s SDK generates asymmetric keys in your device, saves the private key in secure storage, and sends the public key to Cotter's server. Apps can choose to secure the keys using Biometric/PIN. Every time the app requests an authentication, either for a login or for a transaction, Cotter’s SDK will send a signature using the private key that the app’s server can verify.

How does Cotter make money? We charge $0.02/API call + Standard SMS Rates.

We would love to hear more about your experiences authenticating users! What are your biggest pain points and what services do you wish existed to solve those? We are also happy to discuss how we can make Cotter better and more secure. Either comment here, or shoot us an email anytime at [email protected].

Also, if you want to know more about integrating with us, you can check out our documentation at https://docs.cotter.app
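
The trusted-device flow described in the third point above (key pair generated on the device, public key registered with the server, each login answered with a signature), as an added example that is not part of the original post and is not Cotter's SDK or API. The challenge format, the single-use and 60-second expiry handling, and every name in the code are assumptions made for illustration.

```javascript
// Added illustration, not Cotter's SDK or API; every name here is hypothetical.
const crypto = require('node:crypto');

// Device: generate the key pair locally. A real app keeps the private key in
// secure storage (Keychain/Keystore); here it simply stays in memory.
function enrollDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

function signChallenge(device, message) {
  return crypto.sign('sha256', Buffer.from(message), device.privateKey).toString('base64');
}

// Server: stores only public keys plus outstanding single-use challenges.
class AuthServer {
  constructor() { this.devices = new Map(); this.pending = new Map(); }
  registerDevice(phone, publicKeyPem) { this.devices.set(phone, publicKeyPem); }
  // The signed message binds the phone number, the action and a fresh nonce.
  issueChallenge(phone, action) {
    const id = crypto.randomBytes(16).toString('hex');
    const nonce = crypto.randomBytes(32).toString('hex');
    const message = JSON.stringify({ id, phone, action, nonce });
    this.pending.set(id, { phone, message, expires: Date.now() + 60_000 });
    return { id, message };
  }

  verify(id, signatureB64) {
    const entry = this.pending.get(id);
    this.pending.delete(id); // single use: a replayed response finds nothing
    if (!entry || Date.now() > entry.expires) return false;
    const pem = this.devices.get(entry.phone);
    if (!pem) return false;
    const sig = Buffer.from(signatureB64, 'base64');
    return crypto.verify('sha256', Buffer.from(entry.message), pem, sig);
  }
}

function demo() {
  const phone = '+620000000000'; // constructed sample number
  const server = new AuthServer();
  const trusted = enrollDevice();
  server.registerDevice(phone, trusted.publicKeyPem);
  const c1 = server.issueChallenge(phone, 'login');
  const sig = signChallenge(trusted, c1.message);
  const ok = server.verify(c1.id, sig), replay = server.verify(c1.id, sig);
  const other = enrollDevice(); // same phone number, but a device that was never enrolled
  const c2 = server.issueChallenge(phone, 'login');
  return { ok, replay, otherDevice: server.verify(c2.id, signChallenge(other, c2.message)) };
}
```

`demo()` shows why control of the phone number alone is not enough in this model: only the enrolled device's signature verifies, and a captured response cannot be replayed.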


