Passwordless login

Open iszulcdeepsense opened this issue 2 years ago • 2 comments

In order to simplify the sign-in process, we can implement "Passwordless Authentication".

When an account is configured to use passwordless login, the user is asked to enter their email address, to which Racetrack will send a one-time-use link to log in.

  • An SMTP server is needed to send mails.
  • Visiting a link should create a session and keep the session ID in cookies. Let's find out if it can work with Django.

https://auth0.com/docs/authenticate/passwordless/authentication-methods/email-magic-link

iszulcdeepsense avatar Feb 02 '23 12:02 iszulcdeepsense

I find the idea intriguing, but I am a bit wary. I have never implemented this myself, or had users using it, and actually I've never been a user in a system using this pattern before.

That means, if we implement it, even if it turns out to be a good idea, users will still be surprised, at least at the start. Also, I'm not 100% sure how happy users are to Alt-Tab with a mail client to log in somewhere.

I'm not for or against, I'm wary.

JosefAssadERST avatar Feb 03 '23 07:02 JosefAssadERST

I've found out recently that LinkedIn implemented "one-time sign in links" so I hope it becomes more familiar and less surprising.

https://www.linkedin.com/help/linkedin/answer/a1336496/one-time-sign-in?lang=en

Looks like they implemented this 2 months ago. I've noticed that this feature doesn't always show up, so it might still be under A/B testing or something.

iszulcdeepsense avatar Feb 03 '23 09:02 iszulcdeepsense