question

brendan avatar image
brendan asked

Auth for HTML5 games

Question from a developer:

My team is working on HTML5 games targeting mobile platforms. Since we're mobile oriented, we want to use mobile phone numbers to authenticate users. But my developers said that PlayFab auth is email-based. What auth solutions does PlayFab provide that would work for us?

Authentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

First, I would strongly advise you to stay far away from using a phone number for authentication. First, it's not a secret, so anyone could impersonate anyone whose phone number they can find. Second, phone numbers are considered PII, which you really shouldn't be using except when absolutely necessary.

For your games, we provide a wide range of authentication mechanisms (https://api.playfab.com/docs/tutorials#landing-players). For HTML5 games, I'd recommend one of the service-based auth systems, like Twitch, Google, Facebook, etc. Any of those would allow the player to sign in on any device. If you want to make it a zero-friction login to start, you could generate a random GUID locally, and use that with LoginWithCustomId to start, storing that in a cookie on the local device. But you'll want to incentivize the user to "upgrade" that to a login method that can travel across devices eventually.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

igor-1 avatar image igor-1 commented ·

Thank You for the answer!
2 remarks:
- There is no 100% security in our world. But 2-step SMS Verification is securly enough in case Your handset in the your hand.
- By not providing or supporting SMS-based solution (let's say Twilio-like), Playfab (as a business), miss a huge vertical of Mobile Carriers' VAS & Multimedia.

, @Brendan

Thank You for the answer!
2 remarks:
- There is no 100% security in our world. But 2-step SMS Verification is securly enough in case Your handset in the your hand.
- By not providing or supporting SMS-based solution (let's say Twilio-like), Playfab (as a business), miss a huge vertical of Mobile Carriers' VAS & Multimedia.

0 Likes 0 ·
brendan avatar image brendan igor-1 commented ·

Oh, you're talking about 2FA! Sorry, I took what you said to mean that you wanted to use the phone number literally as the auth - using LoginWithCustomId. While we do provide 2FA for developer accounts, we've had very few requests for that to be player-facing, mainly because it's relatively high friction for games. If you're interested in having something like Authenticator integrated for players, you might want to "like" this feature request: https://community.playfab.com/idea/11981/google-authenticator-authy-for-us-not-clients.html

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.