14 Passwordless login: Using magic links and one-time passwords
This chapter covers
- Using magic links
- Using one-time passwords for authentication
- Protecting your apps from passwordless-authentication vulnerabilities
You’re trying to log in to your favorite app, but you can’t remember your password. Was it your dog’s name plus your birth year? No, wait—that was your bank account. Maybe it’s P@ssw0rd123? No—you changed it last month. After five failed attempts and a CAPTCHA test that makes you question your ability to recognize traffic lights, you finally give up and click Forgot Password. And just like that, passwords have once again defeated you.
But relax—passwordless authentication is here to rescue you from the endless cycle of password resets and security questions like “What was the name of your childhood best friend’s second cousin’s goldfish?”
In this chapter, we explore the magic (literally) of magic links. Think of them as the portkeys of authentication, instantly transporting you to your account. Next, we dive into the thrilling world of one-time passwords (OTPs), the digital equivalent of casting the Alohomora spell to unlock your login.
The passwordless adventure doesn’t end here. Chapter 15 unveils the high-tech sorcery that is WebAuthn, in which your face, fingerprint, or a tiny security key acts like a personal wand, proving that you—and only you—are the true master of your account.