Passwordless authentication
Passwordless authentication covers multiple authentication methods that allow users to verify their identities without entering a traditional password. Instead, it relies on alternative factors such as biometrics, email or SMS-based one-time codes, or magic links. This approach enhances security by eliminating the risks associated with password theft, such as phishing attacks and credential stuffing.
Passwordless authentication offers significant advantages in terms of security and user experience. Frontegg is continually enhancing its support for these strategies and addressing client needs. Currently, Frontegg supports the following passwordless authentication methods: Magic Code and Magic Link.
Passwordless authentication benefits
Employing passwordless authentication offers multiple benefits:
- Enhanced Security: By removing passwords, the attack surface for cyber threats is reduced. Passwordless methods are less susceptible to phishing and brute-force attacks.
- Improved User Experience: Users no longer need to remember complex passwords, leading to a smoother and faster login process.
- Reduced IT Costs: Fewer password-related support requests decrease the burden on IT helpdesks.
- Compliance and Risk Management: Passwordless systems help organizations meet compliance requirements by providing stronger authentication mechanisms.
Magic code
When using a magic code as a login method, your user will receive a one-time code after they input their email to log in. After retrieving and entering the code received in their email, the user's identity is verified, and they are signed in.
Magic link
When using a magic link to log in, users simply input their email address in the login box. In response, Frontegg sends the user a login link. The user then clicks the link and is subsequently logged in. The link is valid for one-time use and expires after the time you specify (see Step 3: Set code expiration time, below).
Both passwordless methods offer an additional layer of security and free the user from remembering a password.
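The single-use and expiry behaviour described above, shown for a magic code as an added example (this is not Frontegg's implementation and not code from this page). The six-digit length, the attempt limit, the hashed in-memory store and the `MagicCodeStore` name are assumptions; the TTL values are the five-minute default and one-minute to one-hour range stated in the configuration steps.

```python
import hashlib
import hmac
import secrets
import time

DEFAULT_TTL = 300            # five minutes, the default stated on this page
MIN_TTL, MAX_TTL = 60, 3600  # one minute to one hour, the range stated on this page
MAX_ATTEMPTS = 5             # assumption: the page does not describe attempt limits


class MagicCodeStore:
    """Hypothetical in-memory verifier for emailed one-time codes."""

    def __init__(self, ttl=DEFAULT_TTL, clock=time.time):
        if not MIN_TTL <= ttl <= MAX_TTL:
            raise ValueError("ttl outside the one-minute to one-hour range")
        self.ttl, self.clock, self._pending = ttl, clock, {}

    @staticmethod
    def _digest(email, code):
        # Keep only a hash bound to the address, never the code itself.
        return hashlib.sha256(f"{email}:{code}".encode()).digest()

    def issue(self, email):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, six digits (assumed length)
        # A new code replaces, and so invalidates, any earlier pending code.
        self._pending[email] = [self._digest(email, code), self.clock() + self.ttl, 0]
        return code  # delivered by email only, never returned to the login page

    def verify(self, email, code):
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts = entry
        if self.clock() >= expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[email]  # expired or guessed too often
            return False
        entry[2] += 1
        if hmac.compare_digest(digest, self._digest(email, code)):
            del self._pending[email]  # single use: consumed on success
            return True
        return False
```

A magic link follows the same pattern with a long random token (for example `secrets.token_urlsafe(32)`) in place of the six-digit code.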
Configuring passwordless authentication
Complete the following steps to configure your login box to use passwordless authentication:
Step 1: Configure passwordless methods in the Frontegg portal
To configure the passwordless flow, go to your Frontegg portal and navigate to Home, then click the "Go to Builder" button for the Login Box.
Step 2: Set passwordless strategy
In the left panel under Email Sign-On, choose which passwordless configuration you wish to implement.
You have two options:
- Magic Code, where a user receives a one-time code (OTC) by email that they must enter to log in.
- Magic Link, where a user is emailed a unique link that they must click to log in.
Step 3: Set code expiration time
Remember to set the expiration time for whichever option you choose. The default expiration time is five minutes, but you can select a time between one minute and one hour from the pre-defined options. Set the expiration time via the [ENVIRONMENT] → Configurations → Authentication → Passwordless tab in the Frontegg portal.
Step 4: Customize your email template
Customize your Magic Code / Magic Link email template via the Emails tab in your chosen Environment.
Via API
Passwordless authentication can also be configured via API. Check out the full collection here.