top of page

Q: How secure is IDgo?

A: The IDgo authentication service leverages mobile device and network security methods such as WebAuthn, FIDO2 and authentication tokens to provide a secure, simple and fast authentication service and deny authentication requests if warranted. The IDgo service is designed to support two factors of security at all times, including during creation of an IDgo account and while using IDgo to authenticate. IDgo is designed to be phishing-resistant, e.g., passkeys are “scoped” to the website where they are created and won’t work if users are tricked into authenticating on a phishing site. IDgo enables multi-factor and passwordless authentication that does not rely on secret information such as passwords and is a strong defense against account takeover attacks.

Q: What fraud attacks does IDgo protect against?

A: IDgo protects against many common fraud attacks including: Credential Stuffing, Phishing / Smishing, Social Engineering, Person in the Middle Attacks, Malware, Brute Force Attack, Spoofing, and SIM Swap. To learn more, click here to read about how IDgo protects against attacks.

Q: Are biometrics used by IDgo?

A: IDgo gives users the option to use device resident biometrics, such as FaceID or Fingerprint in the authentication process. No user biometrics are collected or stored by the IDgo service; user biometrics never leave the end user’s device.

 

Q: What do you mean when you say IDgo is "app-less"?

A: By "app-less" we mean that the IDgo service does not require end users to download an application to use the service. End users interact with IDgo via a browser application on their internet connected device.

Q: What do you mean when you say "omni-channel"?

A: By "omni-channel" we mean that the IDgo authentication service works the same for all user engagement channels, i.e., when authenticating via phone call, online or in person, making the user experience simple and consistent in any engagement channel.

Q: What devices does IDgo authentication work with?

A:  IDgo authentication works with >98% of internet connected devices including mobile phones, laptops, tablets and desktop computers.

Q: What end user data does IDgo collect and store?

A: IDgo collects and stores each end user’s mobile phone number. Enterprises have the option to require collection of additional end user information that will be stored by IDgo only as long as there is a business need.

 

Q: Does IDgo sell end user data collected by the IDgo service?

A: No, IDgo does not sell end user data collected by the IDgo service to any other organization.

 

Q: What is the IDgo privacy policy?

A: The IDgo privacy policy can be found here. IDgo takes privacy seriously and collects only the minimal amount of data needed about end users. End users control sharing their data with enterprises. IDgo does not share end user data with any other organization.

 

Q: Has IDgo achieved SOC certification?

A: Yes, IDgo has completed and continues to maintain SOC2 Type 2 certification.

Q: What happens with the IDgo authentication service when an end user switches cell phones and keeps the same phone number?

A: The next time the end user is prompted to authenticate themselves, the IDgo software will recognize the new device does not have an IDgo passkey if it is an Android device, while Apple devices will work fine as the passkey is stored in iCloud. For Android devices, the end user will be asked to complete an account recovery process to use the IDgo service and given the opportunity to create an IDgo passkey.

Q: What happens with the IDgo authentication service when an end user gets a different cell phone number than the one used to enroll in the IDgo service?

A: The end user will need to be re-invited by their service provider to complete the IDgo enrollment process once again to associate the new phone number with their IDgo account.

Q: Does IDgo comply with the Telephone Consumer Protection Act (TCPA)?

A: TCPA is aimed at restricting telephone solicitations, i.e., telemarketing, using pre-recorded voice messages, automatic dialing, SMS and fax. The requirements of TCPA do not apply to IDgo authentication SMS messages. In addition, IDgo does follow recommended guidelines when sending enrollment SMS messages and includes support for users to “Reply STOP” to opt out of receiving further enrollment SMS messages.

Frequently Asked Questions

Below are FAQs regarding IDgo.

bottom of page