Q: How has IDgo been designed to be a secure authentication method?
A: The IDgo authentication service leverages something you have (a mobile phone with a cryptographic credential) to provide a secure, simple and fast authentication service and deny authentication requests if warranted. The IDgo service is designed to always support two factors of security, including during creation of an IDgo account and while using IDgo to authenticate. IDgo is designed to be phishing-resistant, e.g., IDgo security tokens are “scoped” to the website where they are created and won’t work if users are tricked into authenticating on a phishing site. IDgo enables multi-factor and password-less authentication that does not rely on secret information such as passwords and is a strong defense against account takeover attacks.
​​
Q: Are biometrics, e.g., FaceID, Fingerprint, used by IDgo?
A: IDgo gives users the option to use device resident biometrics, such as FaceID or Fingerprint in the authentication process. No user biometrics are collected or stored by the IDgo service; user biometrics never leave the end user’s device.
​
Q: What devices does IDgo authentication work with?
A: IDgo authentication works with >98% of mobile devices and >91% of desktop computers.
Q: When enrolling to use IDgo, there is a choice between creating a passkey and registering my device - what are the implications of each choice?
A: By choosing to create a passkey, end users can use any resident biometrics security feature, e.g., FaceID, fingerprint of their mobile phone to authenticate. By registering their device, end users will experience a simple Yes/No notification to authenticate.
​
Q: What do you mean when you say IDgo is "app-less"?
A: By "app-less" we mean that the IDgo service does not require end users to download an application to use the service. End users interact with IDgo via a browser application on their internet connected device.
​
​​Q: What do you mean when you say "omni-channel"?
A: By "omni-channel" we mean that the IDgo authentication service works the same for all user engagement channels, i.e., when authenticating via phone call, online or in person, making the user experience simple and consistent in any engagement channel.
​​​
Q: What end user data does IDgo collect and store?
A: IDgo collects and stores each end user’s mobile phone number. Enterprises have the option to require collection of additional end user information that will be stored by IDgo only as long as there is a business need.
Q: Does IDgo sell end user data collected by the IDgo service?
A: No, IDgo does not sell end user data collected by the IDgo service to any other organization.
Q: What is the IDgo privacy policy?
A: The IDgo privacy policy can be found here. IDgo takes privacy seriously and collects only the minimal amount of data needed about end users. End users control sharing their data with enterprises. IDgo does not share end user data with any other organization.
Q: What certification has IDgo achieved?
A: IDgo maintains SOC2 Type 2 certification.
​
Q: What happens with the IDgo authentication service when an end user with an Android device gets a new cell phone?
A: The next time the end user is prompted to authenticate themselves, the IDgo software will recognize the new device does not have an IDgo credential. The end user will be authenticated using a one-time passcode and prompted to create a new device credential before they are allowed to respond to an authentication request.
​​
Q: What happens with the IDgo authentication service when an end user with an Apple iOS device gets a new cell phone?
A: The next time the end user is prompted to authenticate themselves, the IDgo authentication will work as before if the end user chose to create a passkey when they enrolled in IDgo, since passkeys are stored in the end user’s keychain as part of their Apple iCloud account. If the end user chose to enroll in IDgo and register their device, the end user will be authenticated using a one-time passcode and prompted to create a new device credential before they are allowed to respond to an authentication request.
​
Q: What happens with the IDgo authentication service when an end user gets a different cell phone number than the one used to enroll in the IDgo service?
A: The end user will need to be re-invited by their service provider to complete the IDgo enrollment process once again to associate the new phone number with their IDgo account.
​
Q: Does IDgo comply with the Telephone Consumer Protection Act (TCPA)?
A: TCPA is aimed at restricting telephone solicitations, i.e., telemarketing, using pre-recorded voice messages, automatic dialing, SMS and fax. The requirements of TCPA do not apply to IDgo authentication SMS messages. In addition, IDgo does follow recommended guidelines when sending enrollment SMS messages and includes support for users to “Reply STOP” to opt out of receiving further enrollment SMS messages.