I think this is the main reason developers should always be designing their software with local-first (aka offline-first) approach in-spite of the Internet and the cloud [1].
Regarding the cellular based authentication, it is perfectly doable to be securely authenticated even without the any connectivity and there is a solution to this based on combination of MFA and OTP [2].
I think you're right, and I'd like to amend the "should always" to "after product market fit". I'm always trying to stop myself from prematurely optimizing
Regarding the cellular based authentication, it is perfectly doable to be securely authenticated even without the any connectivity and there is a solution to this based on combination of MFA and OTP [2].
[1] Martin Kleppmann talk on local-first (LoFi):
https://news.ycombinator.com/item?id=39444519
[2] A lightweight and secure online/offline cross-domain authentication scheme for VANET systems in Industrial IoT:
https://peerj.com/articles/cs-714/