New Feature: Password Free Logins

Posted on Friday, April 26, 2024

The #1 feature request I get for the platform is to support logins other than the major login providers we already support. Not everyone wants to use a "Login with Google" or "Login with Apple" button for privacy reasons. While we don't record any personal information other than the email address, it's completely understandable to want to use something more privacy-friendly.

Here by popular demand, we've recently added support for password-free logins! You can now log in by entering your email address and confirming a short-lived and secure time-based one-time password (TOTP) we will send to your email address.

What is a Time-based One-time Password (TOTP)?

A time-based one-time password (TOTP) is a temporary passcode, generated by a secure algorithm and valid only for a short time, that is used to verify a user's identity. TOTPs are a common form of two-factor authentication (2FA) and are also known as app-based authentication, software tokens, or soft tokens.

What is a Password-Free Login?

Sometimes called a Magic Link or Magic Login, password-free logins via email are an increasingly popular security method where users can access accounts without the need for a traditional password. Instead, a user requests to log in and receives a unique, time-sensitive link or code via their registered email. Clicking the link or entering the code authenticates the user directly, with no need to remember complex passwords. This method not only simplifies the login process but also enhances security by minimizing the risks associated with stolen or weak passwords. Moreover, because access is granted through a personal email, each login attempt is tied directly to control of the user's email account.
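
The server side of the emailed-code flow described above, as an added example (not this platform's code). The class name, the 10-minute lifetime, the 5-attempt limit and the in-memory store are assumptions, and the code is a random value with an expiry rather than one derived from a shared secret and the clock.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed lifetime; the page only says "short-lived"
MAX_ATTEMPTS = 5        # assumed limit on guesses per issued code


class EmailCodeLogin:
    """Issues and verifies short-lived, single-use email login codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> [salt, code_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(salt, code):
        # Keeps plaintext codes out of the store. Six digits are still cheap to
        # brute-force offline, so expiry and the attempt limit do the real work.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, email):
        """Create a 6-digit code for `email`; the caller sends it by email."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        salt = secrets.token_bytes(16)
        # Overwriting the entry invalidates any code issued earlier.
        self._pending[email.lower()] = [
            salt, self._hash(salt, code),
            self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, email, submitted):
        """True once for the right code; False if wrong, expired or reused."""
        key = email.lower()
        entry = self._pending.get(key)
        if entry is None:
            return False
        salt, code_hash, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[key]
            return False
        entry[3] -= 1  # count the attempt before comparing
        if hmac.compare_digest(code_hash, self._hash(salt, submitted)):
            del self._pending[key]  # single use
            return True
        if entry[3] == 0:
            del self._pending[key]  # out of guesses: a new code must be requested
        return False
```

A production deployment would also rate-limit `issue` per address and per client, since each call sends an email and resets the guess counter.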

When will it be available?

Now!

Here are some examples of major websites using similar setups to authenticate and authorize users:

Slack

Similar to Crucial, Slack's login page supports a few "Sign in with xyz" buttons as well as a password-free login using emails.

Medium

Medium supports magic links via email, and if you can't use the link they also offer to send you a code instead.

Notion

Notion's login system is the same as Crucial's and the above examples with a few major login providers supported and a "Login Code" option that sends a TOTP to your given email address.