## Passwordless authentication

Passwordless authentication covers multiple authentication methods that allow users to verify their identities without entering a traditional password. Instead, it relies on alternative factors such as biometrics, email or SMS-based one-time codes, or magic links. This approach enhances security by eliminating the risks associated with password theft, such as phishing attacks and credential stuffing.

Passwordless authentication offers significant advantages in terms of security and user experience. Frontegg is continually enhancing its support for these strategies and addressing client needs. Currently, Frontegg supports the following passwordless authentication methods: Magic Code and Magic Link.

## Passwordless authentication benefits

Employing passwordless authentication offers multiple benefits:

* **Enhanced Security**: By removing passwords, the attack surface for cyber threats is reduced. Passwordless methods are less susceptible to phishing and brute-force attacks.
* **Improved User Experience**: Users no longer need to remember complex passwords, leading to a smoother and faster login process.
* **Reduced IT Costs**: Fewer password-related support requests decrease the burden on IT helpdesks.
* **Compliance and Risk Management**: Passwordless systems help organizations meet compliance requirements by providing stronger authentication mechanisms.

### Magic code

When using a **magic code** as a login method, your user will receive a one-time code after they input their email to log in. After retrieving and entering the code received in their email, the user's identity is verified, and they are signed in.

### Magic link

When using a **magic link** to log in, users simply input their email address in the login box. In response, Frontegg sends the user a login link. The user then clicks the link and is subsequently logged in. The link is valid for one-time use and expires after the time you specify (see **Code expiration time**, below).

Both passwordless methods offer an additional layer of security and free the user from remembering a password.

## Configuring passwordless authentication

Complete the following steps to configure your login box to use passwordless authentication:

### Step 1: Configure passwordless methods in the Frontegg portal

To configure the passwordless flow, go to your [Frontegg portal](https://portal.frontegg.com/) and navigate to **Home**, then click the "Go to Builder" button for the Login Box.

### Step 2: Set passwordless strategy

In the left panel under **Email Sign-On**, choose which passwordless configuration you wish to implement. You have two options:

* **Magic Code**, where a user receives a one-time code (OTC) by email that they must enter to log in.
* **Magic Link**, where a user is emailed a unique link that they must click to log in.

![passwordless](/assets/passwordless_admin_box.c6b85058ae7cec463ce107f176727f22a0187d923209d73c30e3eceeb3171f82.740980a4.png)

### Step 3: Set code expiration time

Remember to set the expiration time for whichever option you choose. The default expiration time is five minutes, but you can select a time between one minute and one hour from the pre-defined options. Set the expiration time via the [ENVIRONMENT] → Configurations → Authentication → Passwordless tab in the Frontegg portal.

![passwordless](/assets/set_expiration_code.0a95c8be7ab4b5444def32bbc2f3c54ea48705913480a1781c7d4da5102dacef.08798bad.png)

### Step 4: Customize your email template

Customize your Magic Code / Magic Link email template via the **Emails** tab in your chosen **Environment**.

![passwordless](/assets/step_4.4a57d48ea5b2615abd38b586dddc4aacdcba51582727f3318b15405a481c3b95.08798bad.png)

## Via API

Passwordless authentication can also be configured via API. Check out the full collection [here](/ciam/api/identity/passwordless).
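
The one-time-use and expiry behaviour described for magic links on this page can be pictured with the following added example. It is not Frontegg's code or API: `MagicLinkStore`, its methods and the in-memory dictionary are hypothetical, and only the five-minute default and the one-minute-to-one-hour range come from this page.

```python
import hashlib
import hmac
import secrets
import time

DEFAULT_TTL = 5 * 60          # page: default expiration time is five minutes
MIN_TTL, MAX_TTL = 60, 3600   # page: between one minute and one hour


class MagicLinkStore:
    """Hypothetical in-memory store of pending logins (illustration only)."""

    def __init__(self, ttl=DEFAULT_TTL, clock=time.time):
        if not MIN_TTL <= ttl <= MAX_TTL:
            raise ValueError("ttl must be between one minute and one hour")
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # email -> (sha256(token), expires_at)

    def issue(self, email):
        """Return a token for the emailed link; only its hash is stored."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        # A new request replaces any earlier outstanding token for this email.
        self._pending[email] = (digest, self.clock() + self.ttl)
        return token

    def redeem(self, email, token):
        """Return True exactly once for a valid, unexpired token."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at = entry
        if self.clock() >= expires_at:
            del self._pending[email]        # expired: discard
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, digest):
            return False                    # wrong token; entry stays pending
        del self._pending[email]            # one-time use: consume on success
        return True


if __name__ == "__main__":
    store = MagicLinkStore()
    tok = store.issue("user@example.com")   # constructed sample address
    print(store.redeem("user@example.com", tok))  # first click
    print(store.redeem("user@example.com", tok))  # replayed link
```

Storing only the hash means a leak of the pending-login table does not expose usable links, and deleting the entry on success is what makes a forwarded or logged link useless after the first click.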