Comparing Auth0 and humanID
By David Olukoju
January 19, 2022
Single Sign-On (SSO) is an authentication service that permits one set of login credentials per user instead of multiple sets. Dealing with credentials such as passwords can be cumbersome when logging in to various accounts, so using one credential set streamlines the login process. Other login features such as anonymous logins or alternative logins act as safeguards for when passwords are forgotten, but SSO resolves the conflicting nature of multiple login implementations while being bot-resistant. SSO services offer many different solutions that rely on various methods to meet modern expectations of privacy. This article looks at Auth0 and one of its alternatives, humanID.
Auth0 authenticates users through usernames and passwords, and the software deals with issues such as duplicate accounts through account linking. Once a user enters the correct username and password, the SSO connects them with network resources through a database and a set of services. A key facet of this process is communication between applications, servers, and databases to ensure a seamless user experience.
humanID’s SSO works by requiring a user to enter their phone number. Paired with a valid SIM card, this information authenticates the user. Upon authentication, this information is then deleted and each user is assigned a unique online identity known as a hash-led identifier. A user would input their phone number and receive a code through SMS; the user is granted access after entering the code.
Both humanID and Auth0’s SSOs are General Data Protection Regulation (GDPR) compliant. The GDPR is a data privacy and security law from the EU, and a key way that it ensures compliance is by fining businesses for noncompliance. A key provision of this regulation is that individuals have a right to ask organizations to delete their personal data. Auth0 in particular uses a highly secure database with encrypted passwords. humanID does not use a database; instead, it uses data “silos,” which ensure that leaked data (the hash-led identifiers) is entirely useless, since it can only be used for user recognition.
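The phone-number flow described above, sketched as an added example that is not humanID's own code. The page does not say how the hash-led identifier is derived, so the keyed HMAC, the per-app scoping, the `PhoneLogin` class, the 5-minute expiry and the 3-attempt limit are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the auth service
CODE_TTL = 300                        # assumption: SMS codes expire after 5 minutes
MAX_ATTEMPTS = 3                      # assumption: session is dropped after 3 wrong codes

def normalize(phone):
    """Reduce a phone number to '+digits' so formatting variants hash identically."""
    return "+" + "".join(ch for ch in phone if ch.isdigit())

def derive_identifier(phone, app_id, key=SERVER_KEY):
    """Keyed hash scoped to one app: stable for recognition, different in every silo."""
    msg = app_id.encode() + b"\x00" + normalize(phone).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class PhoneLogin:
    def __init__(self):
        self.pending = {}   # session id -> [phone, code, expiry, attempts left]
        self.users = set()  # stored identifiers only, never phone numbers

    def start(self, phone, now=None):
        """Open a login; the code would go out by SMS (returned here for the demo)."""
        now = time.time() if now is None else now
        session, code = secrets.token_urlsafe(16), f"{secrets.randbelow(10**6):06d}"
        self.pending[session] = [normalize(phone), code, now + CODE_TTL, MAX_ATTEMPTS]
        return session, code

    def finish(self, session, code, app_id, now=None):
        """Check the code; on success discard the phone number, return the identifier."""
        now = time.time() if now is None else now
        entry = self.pending.get(session)
        if entry is None or now > entry[2]:
            self.pending.pop(session, None)   # unknown or expired session
            return None
        if not hmac.compare_digest(code.encode(), entry[1].encode()):
            entry[3] -= 1
            if entry[3] == 0:
                del self.pending[session]     # too many wrong codes
            return None
        del self.pending[session]             # the phone number is dropped here
        ident = derive_identifier(entry[0], app_id)
        self.users.add(ident)
        return ident
```

Because a phone number has little entropy, the identifier is only as private as `SERVER_KEY`: an unkeyed hash of the number could be matched by enumerating the number space.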
Both SSOs are able to meet compliance for this regulation, though they do so in different ways. Similarly, while each SSO uses the same technology, they can each be used for various solutions based on specific platform needs. The next section presents a handful of real-world applications of humanID and Auth0.
Case Studies Comparison
Polarizer.io is a social media website developed by Digital Peace Talks gUC in Berlin. Polarizer seeks to tackle the problems of mainstream platforms such as bots and inauthentic users. The application uses humanID’s SSO to ensure a high level of genuine accounts while offering full anonymity. Since humanID is a phone-based authenticator, the cost to acquire multiple phone numbers is fairly high for bot attacks.
GreenZone is a review app developed by the Human Rights Experts and Technology Professionals, a nonprofit in New York State. GreenZone seeks to provide a place for users to share reviews about local places, facilities, and businesses. A key provision of the GreenZone app is the ability to share reviews with other users while protecting their identities. In this case, humanID’s SSO helps to prevent spam reviews and it eliminates the need for passwords, working towards GreenZone’s cause.
Youi is a rewards app developed for Youi Australia, a general insurance company. Youi seeks to increase customer engagement when purchasing policies or filing claims by providing discounts. The application uses Auth0 for social login integration through Google or Facebook credentials, while protecting customer privacy. Implementing Auth0 made it easier for users to remember login credentials while eliminating the need for users to create new ones.
Battlefy is an online gaming platform designed to host eSports competitions. Battlefy seeks to create a simple way for gaming fans to manage and market eSports competitions involving multiplayer games for spectators. According to Battlefy, the app needs to ensure user data security and streamline the login process. Auth0 allowed Battlefy to eliminate sensitive user information from their database and it allowed for the integration of social platform logins.
In the case studies above, each client required that the implementation make it easier for users to log in while protecting their privacy. However, Polarizer.io and GreenZone emphasize user anonymity, whereas Youi and Battlefy emphasize ease of use.
Which is Better?
Overall, Auth0’s SSO uses a username-password model to authenticate users and humanID’s SSO uses a phone number for authentication. According to the case studies, Auth0 is used to streamline the login process, and humanID is used to decrease the transmission of sensitive data. However, both SSOs have other utilities that may not have been demonstrated through these case studies. As such, it is recommended that you use a set of criteria that best fits your application when choosing between SSOs.