Magic Login

Magic links are a form of passwordless login.

Instead of the user using their password to sign in, they are sent a URL with an embedded token via email.

Once the user clicks that link to authenticate, they are redirected back to the application and are successfully signed in—as if they used a “magic” password, but without needing to type in the actual password.

Magic links streamline the login process and provide an inviting user experience while imposing no additional hardware requirements.

For more information on magic link authentication, see here.

Overview - Login

At a high-level, Magic Login involves three steps:

  1. From the login page, the user clicks on the "Continue With Email" button to request password-less login.
  2. The user enters their email address into the form and clicks "Continue".
  3. The user will receive an email with the magic link.
  4. The user clicks on the magic link to complete the sign-in process and is redirected to the TechChange platform.
  5. The user is now successfully logged-in.

Magic Login Step #1 Magic Login Step #2 Magic Login Step #3

Overview - Registration

  1. From the registration page, the user clicks on the "Continue With Email" button to request password-less signup.
  2. The user enters their email address into the form and clicks "Continue".
  3. The user will receive an email with the magic link.
  4. The user clicks on the magic link to complete the signup process and is redirected to the TechChange platform.
  5. The user is prompted to provide their first name, last name, and agree to the Terms of Service and Privacy Policy on an interstitial "Complete Account Creation" page.
  6. The user is now succesfully registered.

Magic Registration Step #1 Magic Registration Step #2 Magic Registration Step #3 Magic Registration Step #4

Security Implications

As an administrator, you can choose to enable or disable Magic Login for your TechChange organization. By default, Magic Login will be enabled for your TechChange organization.

In order to disable Magic Login, reach out to your TechChange Account Manager.

The Magic Login link expires 15 minutes after it has been created, in order to mitigate the following security risks:

  1. Security is tied to the user’s email account. This presents its own set of security risks. Magic emails may be sent insecurely between mail servers and could be visible to employees at the user’s email provider. User inboxes are also easily accessible on unattended devices. To keep magic emails secure beyond doubt, users need to protect their email accounts with (1) a strong password and (2) multi-factor authentication.
  2. Admins have no control over link sharing. As with passwords, poor security behaviors introduce vulnerabilities. Admins have no way to see or prevent users from sharing confidential links with others. Users should always access their emails via a secure connection on an encrypted network.

results matching ""

    No results matching ""