Magic.Link is a startup bringing easy passwordpress login the masses. It's a unique proposition; ditch the standard username and password combination, and use an email to generate a one time code to get into a website.
In this article, we're going to take a look at how password-less login works in WordPress when using the new Magic.Link plugin (free on the repository). We will also dive into the more developer-centric integrations which make use of Ruby, PHP, Python, JS, React, Eth, and Webflow.
Passwordless login makes use of one time tokens or codes, either emailed or texted to the user. If texted, the OTP (one time password) is entered, checked against the verification service, and if it matches, the user is logged into the site. For the email, when the user clicks on a link in the verification message, they are taken to a an endpoint and logged in. As long as bad actors don't have access to the end-users email account, this is an incredibly secure method of logging into websites and applications without needing to remember a password.
Passwordless login is ideal for situations where you wish to protect your user's data. This is especially useful for users that are using public computers or devices to access their account, but are still concerned about security. Rather than having users type out a password, they receive a unique code which can only be used once to login.
There's no risk that a user may write down a password which could get into the wrong hands, or have it auto saved on a browser that's accessible by other people. Instead, they use incredibly secure accounts from Gmail or their cell phones, which employ some of the strictest security methods available.
Something else that's really neat about this type of login is that the flow for both registration and login is the same. You enter your email, verify using a code or token, and end up on the website. It's been up to you and your developers to figure out if you want to collect more information (you can easily identify if it's the first time this email is being used on your site), or if it's just a standard login and they should be pushed to the account page.
Passwordless login isn't a new concept, but Magic.Link is a relatively new company. They bring disruption to this concept, offering developers and creators an incredibly easy way to implement a powerful "magic link" login.
The offering allows you to make use of the standard email login, alongside an SMS OTP. You can also incorporate advanced features such as social oauth using Google, Facebook, GitHub and more, alongside biometric protection, MultiFactor Authentication. You can even incorporate blockchian into your Magic Login.
Magic is free for around 10000 logins, and then it'll cost 0.0085 per each additional login.
In our opinion, that's a really cool pay-as-you-go business model. And it makes a lot of sense to people who seriously care about their security as you can incorporate all of the features mentioned above, along side bot protection, managed email delivery, WYSIWYG Login Form editing, 99.99% uptime and a registration that is guaranteed to be SOC 2, GDPR, and CCPA compliant, undergoing regular 3rd-party security tests. Worth noting: ISO27001 and HIPAA compliance for this log in system is coming soon.
There's a time and a place for Passwordless logins:
On Public Computers
Passwordless login is ideal for times when people are using public computers. This usually takes place at an airport, library, internet cafes, or even just at a friends house that you don't trust 100%. It can also be helpful for users dealing with extremely slow web browsers that have trouble loading all the code necessary to authenticate with a password. Passwordless login allows them to avoid the frustration of dealing with an authentication method that may not work, simply by taking out the risk of having to remember their password.
On Mobile Apps
Mobile applications are becoming more and more popular every day, but they're also being discovered as major attack vectors for private data. A Passwordless login is a great way to protect your users and their data. With the advent of malware on mobile phones, it's incredibly important that you allow them to opt-out of entering their password every time they want to use an app on their phone.
On A Device That You Don't Trust
Last but not least, Passwordless login is a great way to protect your users on computers that they don't trust 100%. This can happen in two different ways: 1) You give them permission to log into your computer, but you don't want them saving their password because its not safe. 2) They come across somebody else's computer and need an easy way to log in without risking the security of their information. Passwordless logins allow them to do away with a password all together, and instead provide a one time code that's easier to manage in these dangerous situations.
Adding this unique feature to WordPress will make your user registration and login process more secure and easy. For people running membership websites, newcomers e-commerce set ups, or anything else requiring a ton of user identification, this might be a cool option to explore!
Magic.Link is made for developers, but it can be added to WordPress by using a recently launched plugin.
In fact, we use a customized version of the Plugin to manage all of our users on this blog. With an account, you can manage course purchases, save blog posts to read later, access private community, and more. It's a really easy way for us to manage our user logins and ensure the maximum security for this website.
It's a relatively simple integration (get from the repo here), built on top of the pre-existing PHP library. All you need to do is enter your API key pair, choose a couple of settings, and you're up and running. It will automatically replace your standard WordPress login page, and you can place it anywhere else in the website that you need via a shortcode. Styling is done through custom CSS.
Magic.Link is a unique login solution that all developers should be aware of. It's easy to add to a WordPress or Webflow website, along with any mobile app or custom solution. The benefits of a managed system that's easy, compliant, and secure should be a great draw to anybody looking to streamline their login system.
We really like this company because it makes passwordless login for WordPress simple, easy and secure.