Le simulateur iOS de XCode est très pratique la plupart du temps, mais dans certains cas il n’est pas possible d’y tester certaines fonctionnalités

Si vous voulez tester le fonctionnement de votre application avec l'appareil photo du téléphone ou envoyer un SMS à partir de votre application, vous devrez tester et déboguer votre application avec un vrai device.

Cet article  vous explique comment tester vos applications en cours de développement directement sur votre iPhone ou autre appareil iOS et vous expliquera comment corriger certaines erreurs courantes que vous rencontrerez probablement en cours de route.

Comment sélectionner votre iPhone comme appareil "Simulateur"

“Simulateur” est entre guillemets ici car en fait on va créer une vraie application sur votre téléphone ; ce n'est plus une simulation.

Ouvrez un projet dans Xcode et cliquez sur l'appareil près du bouton ▶ en haut à gauche de votre écran Xcode.

Branchez votre iPhone sur votre …

Browser support for WebAuthn is growing rapidly. As of writing, 87.39% of internet users should have support. You can check for WebAuthn support by checking for PublicKeyCredential in JavaScript:

What is WebAuthn?

WebAuthn (short for Web Authentication) is a relatively new browser API for strong, scoped, passwordless authentication. Instead of a password, an authenticator uses public key cryptography to create a key pair (known as a credential) for a website. It's part of the FIDO2 specification written bythe W3C and the FIDO Alliance, a group of security researchers interested in abolishing passwords.

WebAuthn is an incredibly promising API because it reduces the web's reliance on passwords. Because credentials are tied to a website, it also prevents phishing attacks. Once a credential is generated, only the public key is sent to a website's servers. This means that databases are less vulnerable …

If you Googled "phone number regex" and regretted it you're in the right place. There are a lot of valid phone number formats, but fortunately there are free tools that you can use to help make sure a phone number is valid.

This post will walk through two ways to check a phone number's validity: the Twilio Lookup API and the intl-tel-input JavaScript plugin. This builds on How to build international phone number input in HTML and JavaScript, which you can reference for more details on building the nice-looking phone number input field I'm using below.

You can find the finished code on my GitHub.

Why you should validate phone number input

You want to validate phone numbers so that you can help prevent sign up spam and fraud and also catch simple errors like typos. We'll include recommendations for phone verification and some more account security best …

Phone numbers are standardized in an international format known as E.164 which combines country codes and subscriber numbers in a format like this: +14155552671. This format is required by many APIs (including Twilio's) and means that you don't have to store country codes and phone numbers in two separate database columns.

However, you probably don't want your users to have to type in a + sign and country code when they provide their phone number to:

• Register a new account
• Enable SMS 2FA
• Request a callback from customer service
• Sign up for marketing notifications

This blog post will walk through how to build a phone number input field to process and parse phone numbers using basic HTML, JavaScript, and the intl-tel-input plugin. We'll include recommendations for phone verification and fraud prevention.

You can find the finished code on my GitHub.

What can the intl-tel-input plugin do?

This project …

Push authentication is one of the most secure and easy to use forms of user authentication. When a company issues an authentication challenge, the user only has to tap allow or deny when they receive the push notification on their phone—much easier than typing in a one-time password (OTP).

Using push authentication means a company can also add useful context about the authentication event. Think of things like payments: instead of just sending a code, the authentication request can include information about the payment like the amount and recipient. Even better, because it's one of the few forms of authentication that lets the user deny an authentication attempt, companies can take advantage of that information to identify real time phishing attacks or other malicious activity.

Push authentication also uses public key cryptography under the hood to link a single device (like a user's phone) to their identity. That makes it …

The European Payment Services Directive (PSD2) regulation requires Strong Customer Authentication (SCA) when a payer:

• Initiates an electronic payment over €30*
• Accesses their payment account online
• Does any other remote action "which may imply a risk of payment fraud or other abuses"

This applies to:

• Business and/or customers in the European Economic Area
• Online/debit or credit card-not-present transactions

Originally the deadline was September 2019, but that's been extended until 31 December 2020 (the SCA deadline in the UK is now 14 September 2021).

There are three ways to use Twilio to implement SCA for transactions in your application:

1. Verify SMS One-Time Passcodes (OTP)
2. Push authentication
3. Transactional TOTP

This post will give an overview of each method and provide resources to get started.

SCA requirements for card-not-present transactions

SCA …

TOTP, or Time-based One-time Passwords, is a way to generate short lived authentication tokens commonly used for two-factor authentication (2FA). The algorithm for TOTP is defined in RFC 6238, which means that the open standard can be implemented in a compatible way in multiple applications. You might be familiar with TOTP from apps like Authy or Google Authenticator, but there are a lot of other options including Duo and Microsoft Authenticator.

Getting users to enable 2FA is half the battle of improving account security, so I recommend giving your customers flexibility over which authenticator app they use.

The Authy API (connected to, but different than the Authy App) defaults to enrolling the user in the Authy App but this post will show you how to use the API in a way that lets your customers use the authenticator app of their choice.

Call center security is a known weak spot for many companies. That's because most call centers only identify and do not actually authenticate users when they call.

Identity information is usually static data like a phone number or date of birth -- things that a lot of people know about me and you. Identity information is often easy to find or purchase and probably doesn't change. With a little bit of research, hackers can use social engineering to bypass common knowledge-based "verification" based on a user's identity. Authentication is how to prove identity with a factor that could be something you know like a password, something you have like a key, or something you are like a fingerprint.

Options for actually authenticating users contacting your support system include sending one-time passcodes (OTPs) to a user via SMS or email, callbacks, security PINs, verbal passcodes, voice recognition, and more. For more …