Passwordless authentication with a twist

sebestindragos · April 16, 2020, 1:46pm

Most of us think of magic links when we hear “passwordless”, but I’m trying out a different approach. What if we require our users to SEND an email for authenticating?

I’ve been experimenting with this idea recently and actually got around to building a prototype. This system will work as a SaaS (similar to Auth0) aimed at developers to implement authetication in their sites/apps.

The concept is pretty simple. Use mailto HTML links to open the default email app prefilled with a generated auth code. User then taps send, waits for the email to be processed and he’s in.

There are some pretty cool benefits to this method:

user doesn’t have to type in not even their email addresses (infered from the received email)
most email clients also send firstname/lastname with the email address, so signing up to a website that requires email, firsname, and lastname simplified

Spoof protection is done via email DKIM.

Here’s a gif with how this works:

Imgur

What do you guys think? Is this something that could catch on? Is it a viable alternative to existing systems?

m_hutley · April 16, 2020, 3:23pm

Doesnt work with web based mail services.
“Most email clients also send firstname/lastname” - so what does your app do when it DOESNT?

sebestindragos · April 16, 2020, 4:01pm

Working on a solution for web mail too. This will replace the mailto: links with links to gmail, outlook, yahoo. Their web sites have a page dedicated to composing an email.

Then the website will ask you to fill in your name. This concept also applies to login in with Facebook/Google. There are website which prompt you to edit your first/last names when first signing up using OAuth.

system · July 16, 2020, 11:01pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.