介绍：Password-free signups. No social network required.
Pedro Israel: Very well done! Simple and easy! Congrats for the product guys!
Michael Lajlev: US only?
Laszlo Levente Mári: This is awesome! Finally an easy way to tackle this
Amrith Shanbhag: Why did this die?
Ankit Mekwan: Nice tool...
Daniel Singer: This was so smooth and well done and wow. The future is about to get evenly distributed ;)
Stephanie Kampendonk: Hi! While it looks fantastic, it feels a bit like Digits or identity management by Twilio. Would love to try out Cooper as well, but are there any benefits to using Cooper over Digits or Twilio?
Andrew Courter: Brilliant.
Hanis: server not found...
⬆️ Upvote if you've ever forgotten a password or abandoned a signup form!
Copper is a service for developers who want a seamless, always-improving signup and signin flow in their websites and iOS apps. We remove friction so more people become and remain users, while makers ship faster and maintain less code.
Give Copper a try, create an app if you are developer, and share your reaction, please 🙌.
🗣 to @gwil, @erondu, @keesan, @sandofsky, @verbagetruck and @jeremygoldbrg for making a hell of a team.
Kam Nagra: This seems really cool 👍🏼. Will there be an NPM package for NodeJS applications? 😅
Is sms authentication still safe?
Rizki Aditya: Interesting product! signed up already.
Desmond Duggan: This is hugely awesome - congrats on launch!
Ernest Ojeh: "Passwordless signup for the US"
Parker Agee: Nice product! What kind of pricing model does this have and how are you going to compete with Facebook Account Kit (which provides 100,000 free SMS messages per month)?
Joe Hobot: This is freaking awesome #Copper :) sooooo when is PH going to start using it?
So instead of people logging in with 1 click via twitter, google, or facebook (services you can control fairly easily) you're asking people to use their phone numbers? And then asking them confirm via sms code.
This seems harder than social sign-up :(
Elizabeth S Hunker: What happened with Copper and how can I keep track of where it'll resurface? @dougw
stephentbiz: Gotta cop this.
Steven Rueter: How is this different from Digits?
sounds pretty cool.
may somebody from the copper team walk me through the szenario if my phone is stolen. maybe from my own standpoint as well as from a thiefs perpective. thanks.
Maxim Zubarev: Pretty goddamn sure I will use this in my next side project.
Kristian: @ambonium curious too
Chen Zeev: @dougw what happens if I change my phone number, and forget to update copper before losing access to that number? That means once the carrier recycles my number and gives it to someone else, they can get into my account?
Gregory Storm: @rueter I'm curious as well.
doug williams: @kakers1789 we really appreciate this. We have the same feeling. I like to say that we're just frustrated users of the Internet, solving our own problem. It shouldn't be so hard to build for and use products on the web.
@jmacias you've got it. We store your personal information with your phone number. When you use that to sign up to a service, we give it back to you so that you can share it without repeating yourself. With each use and integration, the network gets stronger for everyone. So, all boats rise with the tides. Imagine how easy it'd be to try new products launching on PH if everyone used Copper :)
By the way, what OS and browser are you using / getting stuck on in the confirmation step?
doug williams: @dev_gar I'm not sure I understand the question but I'll address security in general. We take it seriously, use encryption where possible, use SSL for all network traffic, use platform security features from our infra. providers, and go through a regular security audit with an outside firm. From an application perspective, we have rate limiters, short expiration times for codes and similar features to limit the potential for abuse. For example, you couldn't send a phone number in and try 000000-999999 in a single setting to guess the right number. Security is a posture and never done, so this will improve, but I want you to know it's something we think a lot about.
doug williams: @llabball stay tuned, this isn't our forever plan.
doug williams: @abetancort we hear you. I've mentioned this a few times on the thread, but it's just our starting point. We're eyeing other places to reach people for all the reasons you cite.
Chen Zeev: @irfaan I actually don't care as much about losing access to my account, as I am about someone else being able to log into my account once the carrier recycles my old number. Seems like an urgent issue to address...
@ekambos @thehashrocket fair enough. These don't seem like huge problems. If you want to make 100 accounts in facebook or gmail you can.
This is solving a developer problem? I guess a fairly small one.
doug williams: @astrism @withcopper we have some work to do on the photo picker. For now, if you want folks to get the proper beard to face ratio in your image, use a square photo and you will look amazing.
@dougw The problem here I think is that for copper, even if my phone is locked and everything, a thief can still take out the SIM card and put it into another phone, access the phone number and then everything else. Apps are tied to a device, but phone numbers are tied to SIM cards.
Another (minor) issue is international travel.
@jimcanto There is more of an usability and trust issue here.
Implementing the mobile number as the prime authentification method is a huge emotional investment to ask from a prospecting user. This is not a commitment for 2-way authorization hence a second security layer that already ensured the user being involved and having a foot in the door in the users mentality. The mobile number has been shown to be a way more intrusive information to ask for then compared to an anonymous account and mail or oauth.
doug williams: @nussieinhorn thanks, Nussi. What bugs did you find? What OS and Browser? Help us get better!
Will Jensen: @dougw @gwil @erondu @keesan @sandofsky @verbagetruck @jeremygoldbrg Awesome work guys!! As an American living in Sydney, I'm used to having issues with my AU mobile number... but not this time! Kudos
Taylor Barr: @decktonic I use Google Voice which all #'s are required to be tied to a device phone number - so they technically still have access.:) Yeah I can block it each time a spammer calls me - but what if a company gets hacked and sells your phone # to 1000 spammers and they all call? err - no good for me.
@dougw Thanks for your explanation. Two things though: Can you back up data that proves this vs predicting a trend based on your east coast/ west coast trend opinion? To me, phone #= for the most part, you pay for. Email address = "free".
I am all for the idea of getting rid of passwords - don't get me wrong on that but not at the sacrifice of my phone number (yes - I agree with you: the phone will be the physical key to unlock it; I just don't think it is use of the phone number). My concerns: I keep my phone on me all day - it's an extension, much like many of it is to others here. That means people can call me at anytime. Email - it's more asynchronous and less intrusive; I can unsubscribe. The switching costs if my email address, if it were to get in the wrong hands or sold, is less of a switching cost (IMO) of getting a new phone number. As much as I want to say, "yes - company that I just signed up for, I trust you with my phone number" it's just a natural trigger for me not to hand it over - even if it IS just for logging in. It's the same rational feeling behind not wanting to share your SS# online (although more serious) - right?
I guess what I am saying is - it comes down to companies, which I don't know if I can trust, having my phone number and the potential harm it would be, if those companies got hacked (or it could be that I worked for several hosting companies and saw first hand how people take for granted data security). Either way - good luck!
Gary Fung: @jimcanto @andmitsch I think I'd use it in my app (wip) if I make signup itself optional. Users can be onboarded without any signup and only asked to authenticate by phone number for a certain app feature when they clearly see value doing so. Not at the beginning of using a new app, I wouldn't give my phone number at first if I'm the user.
Christian Montoya: @taylorbarr One way I deal with this is I use a Google Voice number - the texts go straight to my inbox :)
Aric Boyles: @dougw @davidiwanow similar problem here, using win 10 chrome and when I try to enter the code numbers in the pop-up, the numbers disappear immediately as a type them! please let me know when bug is fixed, would love to try this, thanks.
Gary Fung: @haroenv @lajlev this should be a case for improving UX. When a phone number isn't recognized, automatically prepend a + instead of just failing? If it still fails then fail with an explanation.
Gary Fung: @rueter I second the question
@dougw don't get me wrong. I'm totally with you on getting rid of passwords. They're annoying.
They have another more serious problem: they are a security risk in the hands of stupid people, aka password123.
Part of your reasing sounds like solving one problem by introducing the same problem in another way. I don't think that most people will understand the security risk, when displaying texts on their lock screen. And I certainly don't think it's the same as losing your keys with the address attached.
I do think you are aware of that, but obviously you also have a product to sell. I wish you best of luck on your mission of getting rid of passwords.
Reony T: @dougw I like this answer thank you! :D
@reot004 I'm a long-time 1Password user, so I know your pain. Using strong, unique, well-secured passwords is hard. Storing them securely is hard for both the people that own them, and the services that rely on them. I'm sure you've seen the Twitter and LinkedIn breaches from this week.
Our belief is that passwords are a problem worth solving, not managing. Now that we all carry around always-connected, unique devices in our pockets, we see an opportunity to do just that.
Haroen Viaene: @lajlev Works if you put your number as +32, not if you write 0032
Oleg Avrah: @dougw If we're talking about desktop, login with Facebook or G+ look's much better than Copper. I think so :)
Andrew Crookston: @gopietz not copper team but this is probably one of the first things you want to do even if you have/don't have copper: get hold of your phone company, tell them to block the sim-card / phone and issue a new sim-card to you (with your existing number).
Mads Emil Dalsgaard:
@dougw Thanks for your response!
We do all our verification manually at the moment (@funderbeam). Users have to upload an image of passport or national ID. Would be amazing if people could do that with you, and then be able to sign up for all business that are affected by AML legislation and have to go through KYC processes. And, it's a pain for users to have to do this again and again. I've done it three times in the last year, and even if it is as smooth as with @number26
doug williams: @jakelprice what browser and OS are you using? Thanks for the patience while we work through our teething issues.
Justin Go : @dougw @catapop84 can we expect the current features we have now will remain free? if not, what sort of free limits are you guys planning to implement in the future just so we have a rough idea of what to expect.
@gopietz if you lose the keys to your house with address attached, that's a problem. Similarly, if you leave your phone unlocked or messages visible without unlocking, then you've left yourself open to a similar risk on the digital side. Most people lock their devices and messages now as our phones become central command for our lives, and we're leaning into that trend.
All that said, there are some obvious things like backups in the event of a lost phone, and ameliorating some of the security and deliverability issues with SMS that we'll get to in short order.
Jean-Philippe FONG: @lajlev Work in Canada too
@oleg_avrah we actually see Desktop and web as a huge opportunity. Most services with passwords see 30-50% of their users relying on a "forgotten password" flow. Most people now have their phones right next to their machines when they work, and prefer a text notification over opening a new, going to email, clicking a link, typing a bad password twice that they won't remember, and logging in.
That being said SMS is just the start. There are other, better ways to reach people on desktops now, that don't rely on telco networks. We know reaching people on those channels is an important next step.
@otto_offringa hey now, I can see everything. Thanks for your persistence, we're listening. If problems persist, you can reach me at firstname.lastname@example.org.
Thanks for the number. We're looking into it rn.
Amit Tiwari: @dougw Awesome :)
@pipipzz we ask the user for anything we don't have, but always remember it. In the ideal case, we have everything an signing up becomes one tap.
You can give this a try yourself:
- go to https://withcopper.com/apps and create an app.
- scroll down to the section where you can "Take Copper for a test drive section" and select various scopes, see how the experience varies when you request information we don't yet know vs. do.
With this, our goals are to 1) put users in control of their information, 2) only share with their permission, and 3) remove as much friction as possible. How'd we do?
doug williams: @otto_offringa i'm taking a look at this right now. Can you give me an example number that you tried to enter so I can write a test for it?
doug williams: @madsemiil what type of information would you include if you were to add this?
doug williams: @chrisdevq we want to, but want to make sure we were on the right path first. Validation from this community goes a long way. Know any Android developers that would want to help 😀
@dougw Got it.
So is the plan that you will keep and share users information? For example if someone signs up with copper on product a and adds name, address, shipping, etc. when they go to product B after the text verification is all of the information pre-populated for them to enter?
If so is the real value only visible in a few months when you have had people implement and use this so that you can collect the data to use for others?
Mario Fraiß: @lajlev Did you really just put your real phone number on this board?
doug williams: @kaizendad not yet -- there are some obvious security considerations to think through there. Changing phone numbers is an infrequent thing for most people so we felt that we could add this feature soon. We know this is something we need to tackle and will be doing so very soon.
doug williams: @jmacias create yourself an app at https://withcopper.com/apps, and scroll down to the "Take Copper for a test drive section" to see what's possible. Feedback and suggestions for additional records are welcome.
doug williams: @brianbest and we ❤️ you
Zaheer Merali: @taylorbarr @dougw Would be interesting to have the option of "alias" numbers like in gmail that you can use to sign up for sites that are on a lower credibility tier... and you could then block that number if needed... just a thought. I signed up... am really attracted by the simplicity in user sign-up/on-boarding for apps we're developing targeted at the professional medical market. Which apps / sites currently use Copper?
doug williams: @erik_apichai_vikander this should have been fixed a few hours ago. Please let me know if you have further problems so we can take a look.
Omar D. Samuels: @davidiwanow @dougw Same problem. Also I had to do it three times before the code worked.. which I imagine is just the starting up teething pains, but a point to note is that the second SMS I got seems to have sent me an SMS message entirely in Chinese.
@skylerhughes it's more popular in the East where phone numbers are more popular than email addresses. We're catching up here in the West.
What are you primary concerns sharing your phone number? I'd like to make sure we address them where possible.
doug williams: @juhslk are you one of the folks on a Windows machine running Chrome, by chance? We're hearing this from a number of folks in the community.
@chulk90 i think you'll see us move away form SMS as the only / primary way to deliver authentication codes. The expense, deliverability issues in some geos, and some security concerns demand it.
The opportunity we see is to build a great product for people. We'll look to find value-added services for the people we serve and charge for those to fund operations. We don't currently have plans to charge developers, nor sell data. To build the best product for people, we believe we have to choose them as our customer, exclusively.
doug williams: @degrems i like that
doug williams: @jason_neiman hey thanks for taking a look and giving us some patience. We're early as you note and wanted help from the community to find bugs like this and an effort to get better in public. Chrome on Windows in particular has some bugs that we're attending to now. It sounds like you are seeing those as well. Stand by.
doug williams: @namzo we had a bug this morning that prevented deliverability to some geos -- but that was fixed so give it a try -- from wherever you are.
@johnny5sf we had some hiccups this morning preventing users with phone numbers from certain country codes from successfully receiving the code, but we have fixed those. So users from anywhere in the world should be able to use Copper. That being said, we see many problems with SMS, delivery rates and security concerns, chief among them, which we'll fix in future revs.
Copper, as it is today, was primarily designed and built for consumer services. We've spoken with a few enterprise apps and there is a long-standing preference for email and passwords because they are a known pattern and (ironically) they are easier to share (think teams). We'll be bringing email into the fold as an identifier soon to address your concern, and have some great ideas on how teams can benefit from Copper as well.
Kam Nagra: @dougw would love to help. Would be my first npm. Not sure I'm experienced enough for it 😅
doug williams: @noxowe let me know how I can help.
Jared Erondu: @ihatedotpink @dougw only once. If you add 'phone' as one of the items you ask for, Copper will auto-complete the number field for the user in the next step (since they entered it in the first).
@taylorbarr hey Taylor, there's a definite trend toward moving away from email + password as the way we authenticate. This started in the East, where the PC wave was skipped and most people's first computer was/is a smartphone. There phone numbers are the favored identifier as many people don't have an email address. Here in the West, we're waking up to the same reality, especially the younger generations. We use far too many services these days, at trend that's only increasing, to use reasonably secure passwords on all of our accounts. Our phone will be the physical key to unlock your digital world in the not-too-distant future. While it may feel foreign now, using your phone number will be common place very soon.
What are your concerns with using your phone number? We can address those points in the product and messaging moving forward.
doug williams: @ihatedotpink @levibostian you can store phone numbers, and any information you ask for from the user. Just be sure to add 'phone' as one of the items you ask for and it will be returned when the user completes the auth.
Stephanie Kampendonk: @dougw Thanks for the explanation. To get it perfectly right: I need to ask the user for his phone number twice? First he needs to enter his phone number to verify the number and then in a next step he needs to enter his phone number again to actually store it in the db? Is that correct?
doug williams: @nagra__ yes, we'll get there. want to help?
@dougw thank you for the reply.
Lets say the phone is locked and the thief has access to the phone number. (Im not sure if an attacker could identify the phone number from a locked phone) wouldn't that also be a problem since the lock screen shows the texts?
Also, how could I log in while my phone is gone? It takes some time until my provider can send me another sim card.
doug williams: @levibostian @ihatedotpink you should have seen our first versions, totally Copper branded. But we've listened and learned and have fought hard to pull all of that back because we heard that makers want to offer a great experience for the people they serve. We want makers to see what we're doing as an off-the-shelf solution to a problem common to many apps, how do we register and authenticate users, which means this trend will continue.
Tibor Martini: @dougw would be great if country codes were working with both + and 00
Quốc Nguyễn: @parkeragee maybe cheaper and easier to use.
David Iwanow: @dougw love the idea but found two very annoying bugs... the first i can't enter the numbers with the number pad on my keyboard, the second bug reduces the size of the popup as I enter each character on my email. Also I'm in The Netherlands and it works here :)
doug williams: @davidiwanow the issue with some international phone numbers is fixed, so give it a try. We're also learning about a common bug on Windows machines with the number pad which we are looking into as I type.
Levi Bostian: @ihatedotpink Digits does allow you to store the phone numbers. When the user logs in successfully, you are given a Digits ID which identifies a user in your system and it gives you a phone number.
Jake: @lajlev I am from the UK, with a UK mobile number and could use it just fine, with my international code at the start (44)
Luis Romero: @lajlev In Colombia is working
doug williams: @beckerjs 🙌
doug williams: @davidiwanow thank ya. stand by.
Brijesh Tripathi: @dougw yep, can confirm it works for India (+91) now -- awesome! - like @davidiwanow mentioned found the pop-up window getting smaller as the fields were being entered a bit weird. I'm on windows 10, chrome browser @istereotype @lajlev
David Iwanow: @dougw ah windows 10 machine in Chrome
Charity Amis: @victormanriquey my mom totally got locked out of 1password that way.
doug williams: @jbrooksuk @namzo it'll work internationally... some of our international friends here found a bug preventing the code from being sent to some countries. What's launching without the help of new friends to iron out some things, right? 😎 Try it again and you should be good to go.
@lajlev it should work internationally. include your country code with the standard + notation (e.g. a UK number would be +44 7903595880).
We had an ops setting that prevented a handful of countries from working, but that should be sorted now.
doug williams: @davidiwanow thanks. what type of device, OS and browser? We'll take a look.
Mike Khristo: @dougw congrats Doug!
Jason Shultz: @johnnyquachy I think it depends on the users. There's something to be said for social signup and coding your app so if they sign in with different social networks it doesn't create duplicate accounts. I've seen many apps that do just that. I sign in with facebook one day, sign in with twitter/google the next day. It's easy enough to do, and then you have two accounts. To rectify that, you have to code your app to be able to take those accounts and merge them together. Either by having additional options on the profile page and having the user signin to each one, or by doing it seamlessly from the login screen. Doing a phone number login takes that out of the equation, especially on mobile. It doesn't work as well on desktop or tablet of course.
@andmitsch Sounds like a good thing if one is interested in thwarting spam accounts within their app.
And, to your point; it would require the app be compelling enough to meet that trust threshold.
untitled: @lajlev They should help us with the format number. I'm from Argentina and i can't enter the number right.
Alex Widar: @lajlev Doesn't seem to work with my Swedish phone number either.. Shame, since it proclaims "Welcome anyone with a mobile number"
Stephanie Kampendonk: @levibostian fair enough! 😆 If they now would allow me to store phone numbers as well, my current workload would be reduced by almost 60% 😂
@ihatedotpink I am a digits user myself. The reason why I am excited about copper is the potential for branding. Digits is all free which is nice but my users receive texts that say "...fron Digits by Twitter" when I would rather keep that out.
Keep the service simple. It's solving a simple problem.
James Brooks: @namzo and other places. My UK number worked fine.
Patrick: @victormanriquey just use the 1Password app ;D
Victor Manrique: @justawebguy And I'll end up by somehow losing the password to that too xD
Gabor Monori: @lajlev Doesn't work with Belgian number, hope it will soon!
Brijesh Tripathi: @pascualaparicio works for some countries like some people mentioned above UK, SA, NL - didn't work for me too (India)
Patrick Onyekachukwu Udeh: @lajlev Same response I get.
Vladislav Arbatov: @lajlev Doesn't work for Russian numbers
doug williams: @gopietz if your phone is stolen, and you aren't protecting your phone with a password or Touch ID, then you are going to have problems with a service like Copper, which uses your exclusive access to your text messages to verify your identity. But then again, if you haven't locked your phone, a bad actor would presumably have access to your apps, and your email which can be used to reset passwords on nearly every account. So we're counting on people locking their phone, which is happening more and more, as people understand the risk of not doing so. All that being said, SMS has many issues which we recognize, and we will move away from it, but the ubiquity is too hard to ignore for now.
Amit Tiwari: Congrats, I love how simple you guys have made the whole auth process. Although I have one question, in your website you show that when user is authenticated, I get his/her name, email and probably a profile pic, how do you guys get that info? Does that info gets updated for all the services that use cooper whenever a user updates his/her info, assuming that he/she can?
doug williams: @steve228uk I worked at Twitter and this does not make me nervous.
Tristan Celebi: @dougw Worked with my German number. But tried a few times. While I was typing it deleted my number... I am now in the Copper. 😎
doug williams: @shivam_mani_ it's top of mind. If you know anyone that could help, we're all ears :)
doug williams: @junetic yes, you can add your logo and brand colors (which styles UI elements like the activity indicator).
doug williams: @parkeragee free as in beer at the moment. We want to take a different model where we find value added services for the people we serve, and not charge developers or sell user data to marketers. The opportunity we see is to build a product where our users are also our customers.
Tristan Celebi: @lajlev for real? So disappointed that I can't try it :(
Gus Navarro: @lajlev Worked on my UK number :)
Ashim Saxena: @lajlev works fine for South African #s too
Jack Hage: @lajlev Seems to work for me with a NL number (31)
The following information is related to the job
Honor: Home care built for our parents, and you--- Software Engineer ---San Francisco
MailTime: Go through your email as fast and easy as text-messaging--- Software Engineer ---San Francisco
PrepScholar: SAT/ACT Prep that's customized to you--- Product Manager ---Boston
Buffer: Simple, powerful social media--- VP of Product---🌎
Babbel: A more personalized social network--- Senior Product Manager ---Berlin
Juicero: Healthy living made easy & accessible through technology--- Lead Frontend Developer---San Francisco