Goodbye phishing? Descope’s nOTP authentication offers WhatsApp alternative to SMS

The user clicks a “log in with WhatsApp” button on a website or scans a QR code, which results in a code appearing in WhatsApp. The user hits “send” on this message as if it’s from them and they are automatically logged in to the site.

This works as a basic form of MFA because the user is authenticated through their WhatsApp identity, including its connection to their registered phone number.

The technology behind nOTP reflects the company’s underlying platform Descope Flows, developed as a way for companies to add any type of authentication to their website using a visual process requiring no coding.

The company is pitching nOTP as an option for certain use cases, principally companies that want to move away from SMS authentication or for use on devices such as smart TVs where logins are awkward without a keyboard.

Being able to add any type of authentication to a website is intriguing. A customer can add nOTP but allow a fallback via another authentication method, including an old-world password.

Getting authentication up and running can be expensive and time consuming. The promise Descope is selling is that a developer can design and integrate their login process in a fraction of that time.