14 Passwordless login: Using magic links and OTPs

This chapter covers

  • Using magic links
  • Using one-time passwords (OTPs) for authentication
  • Protecting your apps from passwordless authentication vulnerabilities

You’re trying to log into your favorite app, but you can’t remember your password. Was it your dog’s name plus your birth year? No, wait—that was your banking account. Maybe it’s P@ssw0rd123? Oh no, you changed it last month! After five failed attempts and a CAPTCHA test that makes you question your ability to recognize traffic lights, you finally give up and hit "Forgot Password."

And just like that, passwords have once again defeated you.

But relax! Passwordless authentication is here to rescue you from the endless cycle of password resets and security questions like, “What was the name of your childhood best friend’s second cousin’s goldfish?”

In this chapter, we’ll explore the magic (literally) of Magic Links—think of them as the Portkeys of authentication, instantly transporting you into your account. Then, we’ll dive into the thrilling world of One-Time Passwords (OTPs), the digital equivalent of casting "Alohomora" to unlock your login.

But the passwordless adventure doesn’t end here. Finally, in chapter 15, we’ll unveil the high-tech sorcery that is WebAuthn—where your face, fingerprint, or a tiny security key acts like a personal wand, proving that you, and only you, are the true master of your account.

14.1 The real magic of magic links authentication

14.2 Authentication through One-Time Passwords (OTPs)

14.3 Exercises

14.4 Summary