Magic links are passwordless auth methods, that generate unique access links. These are usually valid for a short period of time and normally sent to the email you provide in the login step.
Personally, I'm not a huge fan, and I prefer to login with social accounts, as it's way easier than opening an email each time.
What is your experience with these? Do you use them?
Oldest comments (21)
Also, magic.link is a great and easy to set up solution if you ever come across the need to use them in your own projects π
Good point on security ππ
Same here, although I agree with @idarek 's point π
Recently we switched away from social accounts (as Google started asking too many questions regarding who are our users and what do they use our app for etc.), we generate a unique login link and send it to user's email address. They can login by clicking the link.
And yes, users love it, remembering/resetting password is a mess, especially when dealing with non technical users. Users still have option for using password, but they often use signin with email.
That's exactly what the post's about. Can you elaborate a bit on whether or not your users like it better this way? π
Users like it, specially when they are not very tech savvy.
Great if it works for you and your clients ππ
Hi, do you have any stats to share ? What % of your users are using it ? What's your customer segments in term of age ? What industry ? And no, I'm not the police :D
Yeah, probably one of the best decisions I made like 5 years ago π
Hahahah, good one ππ
I'm setting up a site right now that will use magic links, the reasoning is a low barrier to entry. My site has an inviting service where users can invite other users, I wanted an invited user to just click an invite link and immediately have access to the site. That sort of thinking just carried over to the whole app and I just got rid of passwords in general.
There is still a remember me option when generating the email token.
I'm enjoying reading the answers here. Considering the possible use of magic links as a Forem feature (in addition to other forms of auth) with some reservations about how to best approach ideas like this from UX and security perspectives.
I think using a provider that already has hardened security is still a nice way to login. Honestly, they dont gain much about you other than the fact you use the service X. Their wide spread trackers all around the web does most of the work.
I wish more people cared tho.
I spend a lot of time researching this subject and created my own implementation that is using Databunker secure session store:
github.com/securitybunker/databunk...
My implementation of passwordless login with magic link
You can use my example and adjust it for your needs. It is a stand-alone solution. You do not need to pay for any 3rd party service. Here is a link:
github.com/securitybunker/databunk...