
SuperTokens Passwordless - Fully flexible, open source auth in 15 minutes | Prod...

 2 years ago
source link: https://www.producthunt.com/posts/supertokens-passwordless

Fully flexible, open source auth in 15 minutes

Hi everyone!

Today, we’re releasing the most powerful passwordless solution ever built! 🎉

What is passwordless? Users can enter their email ID or phone numbers and receive a "Magic Link" or an "OTP" instead of a password.

Magic links are URLs that contain a unique identifier (password) embedded in the URL itself. The OTPs and magic links are time based, one time use only. They expire quickly and can only be accessed by someone who has access to that specific email ID or phone number.

Advantages and concerns: Users often reuse the same password or use "password123", which can be guessed or brute-forced. Removing passwords from the equation removes this concern.

In terms of UX, passwordless may present a significantly improved UX depending on the type of app and user.

For example: phone number based OTPs may be a great way to maximize sign conversions for mobile apps.

We support email and phone based auth in our implementation of passwordless. WebAuthN and push notif based auth coming soon!

I'd love to hear what you think about passwordless and answer any questions about user experience and security!

Why I like Passwordless? It reminds me of my conversations with Dad. I keep asking him to create secure passwords and manage them as I say. And he keeps complaining it is hard to remember passwords and keeps asking me the same questions repeatedly:

* why can't I create a simple password as "password123", I have nothing to hide
* why can't I reuse it everywhere, what would someone get by hacking my account
* ok, I will create different strong passwords everywhere. Can I write it in a diary then?

and a very deadly question - why can't I share my password with my friend. He says that all his friends do all those things and they have never been hacked.

When I think more closely, that's the level of awareness or tech experience of most people. Dealing with passwords gives them a headache. It seems like common sense to us developers who are well aware of what happens in the background when we make a login request. When we give those people password-based auth, we expect them to work as per best practices while in reality, they make the worst choices and this makes the password-based auth highly insecure.

I think passwordless fills this gap, makes systems more secure for users who are not that tech savvy. Definitely, passwordless auth goes on top of my list of auth strategies to implement in my next app.

I'm curious what are some guidelines that we can give to end users (similar to my Dad) to make passwordless more secure and easier to use? Although most of the passwordless security I see is at the implementer side only, if there are any thoughts from the community, I'd love to learn that.

