Passwordless authentication

Passwordless authentication covers multiple authentication methods that allow users to verify their identities without entering a traditional password. Instead, it relies on alternative factors such as biometrics, email or SMS-based one-time codes, or magic links. This approach enhances security by eliminating the risks associated with password theft, such as phishing attacks and credential stuffing.

Passwordless authentication offers significant advantages in terms of security and user experience. Frontegg is constantly working on enhancing its support for these strategies and addressing client needs. Frontegg currently supports the following passwordless authentication methods: Magic code & Magic link.


Passwordless authentication benefits

Employing passwordless authentication offers multiple benefits:

  • Enhanced Security: By removing passwords, the attack surface for cyber threats is reduced. Passwordless methods are less susceptible to phishing and brute force attacks.

  • Improved User Experience: Users no longer need to remember complex passwords, leading to a smoother and faster login process.

  • Reduced IT Costs: Fewer password-related support requests can decrease the burden on IT helpdesks.

  • Compliance and Risk Management: Passwordless systems can help organizations meet compliance requirements by providing stronger authentication mechanisms.

Magic code

When using a magic code as a login method, your user will receive a one-time code after they input their email to log in. After retrieving and inputting the code received in their email, the user's identity is verified, and they are signed in.

Magic link

When using a magic link to log in, users simply input their email address in the login box. In response, Frontegg emails the user a login link. The user then clicks the link and is subsequently logged in. The link is valid for one-time use and expires after the time you indicate (see Code expiration time, below).

Both passwordless methods offer an additional layer of security and free the user from remembering a password.
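
A minimal sketch of the server-side checks that make a magic code safe to accept: single use, expiry, and a limit on guesses. This is an added example, not Frontegg's implementation; the class name, the in-memory store, the 6-digit code length, the server key and the attempt limit are assumptions, and the five-minute TTL mirrors the default expiration time described under Code expiration time.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 300                      # five minutes, the default the page states
MAX_ATTEMPTS = 5                       # assumption: guesses allowed per issued code
SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret key


class MagicCodeStore:
    """In-memory store of pending one-time codes, keyed by email (illustrative)."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock             # injectable so expiry can be tested
        self._pending = {}             # email -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Keep a keyed digest, not the code, so the store alone does not expose it.
        return hmac.new(SERVER_KEY, code.encode(), hashlib.sha256).digest()

    def issue(self, email):
        """Create a 6-digit code; a new request replaces any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
        self._pending[email] = [self._digest(code),
                                self.clock() + self.ttl, MAX_ATTEMPTS]
        return code                    # sent by email, never returned to the browser

    def verify(self, email, code):
        """Return True once for the right code before expiry; False otherwise."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.clock() >= expires_at or attempts_left <= 0:
            del self._pending[email]   # expired, or guess budget exhausted
            return False
        entry[2] -= 1                  # count this attempt before comparing
        if hmac.compare_digest(digest, self._digest(code)):
            del self._pending[email]   # single use: consume on success
            return True
        return False
```

A short code has a small search space, so the expiry and the attempt limit carry most of the protection; the same consume-on-success and expiry checks apply to the random token embedded in a magic link.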


Configuring passwordless authentication

Complete the following steps to configure your login box to use passwordless authentication:

Step 1: Configure passwordless methods in the Frontegg portal

Step 2: Enable passwordless strategy

Step 1: Configure passwordless in Frontegg portal

To configure the passwordless flow, go to your Frontegg portal, navigate to Home, and click the Go to builder button for the Login Box.

Step 2: Set passwordless strategy

In the left panel under email sign on, decide which passwordless configuration you wish to implement.

You have two options to choose from:

  • Magic code, where a user receives a one-time code (OTC) by email, which they need to enter in order to log in.
  • Magic link, where a user is emailed a unique link that they need to click in order to log in.

Step 3: Set code expiration time

Remember to set the expiration time for whichever option you choose. The default expiration time is five minutes, but you can choose between one minute and one hour from pre-defined options. Setting the expiration time is done via the [ENVIRONMENT] → Configurations → Authentication → Passwordless tab in the Frontegg portal.

Step 4: Customize your email template

Customize your Magic code / Magic link email template. You can do so via the Emails tab in your Environment of choice.

Via API

Passwordless authentication can be configured via API as well. Check out the full collection, here.