Frequently Asked Questions

Below are FAQs regarding id-go.

Q: How secure is id-go?

A: The id-go service leverages WebAuthn, a core component of the FIDO Alliance’s FIDO2 specifications. The WebAuthn standard, a joint effort from the W3C, an international internet standards organization, and the FIDO Alliance, is for creating and accessing public key credentials on the web, to enable strong authentication of users. With id-go, users can register and authenticate with web applications using devices such as phones, hardware security keys and laptops/desktops. A device can be used alongside other authentication factors to achieve multi-factor authentication (MFA), or in the case of devices with built-in biometrics or PIN entry mechanisms, can achieve MFA from a single gesture, increasing both security and ease-of-use. id-go is designed to be phishing-resistant, as credentials are “scoped” to the website where they were created, and won’t work if users are tricked into authenticating on a phishing site. FIDO enables passwordless and multi-factor authentication that does not rely on secret credentials and is a strong defense against account takeover attacks.

 

Q: Are biometrics used by id-go?

A: id-go uses device resident biometrics, such as Apple’s TouchID and FaceID or Google’s Fingerprint in the authentication process. No user biometrics are collected or stored by the id-go service; user biometrics never leave the end user’s device.

 

Q: What do you mean when you say id-go is "app-less"?

A: By "app-less" we mean that the id-go service does not require end users to download an application to use the service. End users interact with id-go via SMS messages and the id-go website at id-go.com.

Q: What do you mean when you say "omni-channel"?

A: By "omni-channel" we mean that the id-go authentication service works exactly the same way for all channels, e.g., when authenticating via phone call, online or in person, making the user experience simple and consistent.

Q: What devices does id-go authentication work with?

A:  id-go authentication works with internet connected devices including mobile phones, laptops, tablets and desktop computers. Users need a mobile device capable of receiving SMS messages to use the id-go authentication service. It is recommended that devices have local biometrics capabilities, such as Touch ID / Fingerprint or Face ID.

Q: What end user data does id-go collect and store?

A: id-go collects and stores each end user’s mobile phone number. Relying parties have the option to require collection of additional end user information that will be stored as long as there is a business need.

 

Q: Does Cozera sell end user data collected by the id-go service?

A: No, Cozera does not sell end user data collected by the id-go service to any other organization.

 

Q: What is Cozera’s privacy policy?

A: Cozera’s privacy policy can be found here. Cozera takes privacy seriously and collects only the minimal amount of data needed about end users. End users control sharing their data with enterprises. Cozera does not share end user data with any other organization.

 

Q: Has Cozera achieved SOC certification?

A: Yes, Cozera has successfully completed a SOC2 Type 2 certification.

Q: What happens with the id-go authentication service when an end user switches cell phones and keeps the same phone number?

A: The next time the end user is prompted to authenticate themselves, the id-go software will recognize the new phone has not yet been registered. The end user will be asked to complete an account recovery process to use the id-go service again.

Q: What happens with the id-go authentication service when an end user gets a different cell phone number than the one used to enroll in the id-go service?

A: The end user will need to be re-invited by their service provider to complete the id-go enrollment process again one time to associate the new phone number with their id-go account.

Q: Does id-go comply with the Telephone Consumer Protection Act (TCPA)?

A: TCPA is aimed at restricting telephone solicitations, i.e., telemarketing, using pre-recorded voice messages, automatic dialing, SMS and fax. The requirements of TCPA do not apply to id-go authentication SMS messages. In addition, id-go does follow recommended guidelines when sending enrollment SMS messages and includes support for users to “Reply STOP” to opt out of receiving further enrollment SMS messages.