What are Passwordless Logins (Magic Links)?
What are Passwordless Logins?
Passwordless login is a method for users to securely sign in to the Affinity mobile app using a unique, one-time-use link sent to the user's email address.
When you sign in to the mobile app, you will be prompted to enter your email address, then open your inbox to access the one-time-use sign-in link.
This "magic link" is a secure way to authenticate and identify yourself as a valid user. Clicking on the "magic link" will take you back into the Affinity mobile app, signed in.
How is this secure?
When the user submits their email and requests a magic link for login, Affinity's system performs a check to see if the email is tied to a valid user account.
If the email is tied to a valid user account, then Affinity's system sends an email to the submitted email address. This means that only the user who has access to the submitted email address can access the magic link.
A few more reasons "magic link" is secure:
- The link sent to the user can only be used once.
- The link expires after a maximum of 25 minutes.
- The link can only be used on the device that requested the link. If a user forwards the email to a colleague, or the link is intercepted by another app on the phone, the link will not be usable.
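The three properties above (single use, 25-minute expiry, device binding) and the account check, as an added sketch that is not Affinity's code. The class, method names, in-memory storage and the idea of an app-generated `device_id` secret are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 25 * 60  # maximum link lifetime stated on this page


class MagicLinkStore:
    """Hypothetical in-memory issuer/verifier; a real service would persist this."""

    def __init__(self, valid_emails, clock=time.time):
        self.valid_emails = set(valid_emails)
        self.clock = clock
        # sha256(token) -> (email, sha256(device_id), expires_at)
        # Only hashes are stored, so a leaked table yields no usable links.
        self.pending = {}

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def request_link(self, email, device_id):
        """Return a token to put in the emailed link, or None if no account exists.

        The caller should show the same "check your inbox" response either way,
        so the endpoint does not reveal which addresses have accounts.
        """
        if email not in self.valid_emails:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self.clock() + TTL_SECONDS
        self.pending[self._digest(token)] = (email, self._digest(device_id), expires_at)
        return token

    def redeem(self, token, device_id):
        """Return the signed-in email, or None if the link is not usable."""
        # pop() enforces single use. Design choice of this sketch: the link is
        # consumed on the first attempt even if that attempt fails (fail closed).
        record = self.pending.pop(self._digest(token), None)
        if record is None:
            return None  # unknown or already used
        email, device_hash, expires_at = record
        if self.clock() > expires_at:
            return None  # older than 25 minutes
        if not hmac.compare_digest(device_hash, self._digest(device_id)):
            return None  # opened on a device that did not request it
        return email
```
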
What are the advantages to Passwordless Logins?
Passwords are difficult to remember and keep updated. As a result, many users reuse passwords across different accounts. If an account with a reused password becomes compromised, the other accounts with that same password may also be compromised.
Furthermore, typing in passwords on-the-go on a mobile keyboard can be difficult, especially if they're complex. Affinity's "magic link" login allows users to securely log in without having to remember or type in a password on their mobile device.
What if I can't access my email address on my mobile phone?
Although using a "magic link" is the primary way for users to access their data via the Affinity mobile app, we will continue to support logging in using your email account's password as a secondary option.