What are Passwordless Logins (Magic Links)?

Avatar
Brian Lee
  • Updated

What are Passwordless Logins?

This is a method for users to securely sign in to the Affinity Mobile App and Pathfinder Chrome Extension using a unique, one-time-use link sent to the user's email address.

  1. When you sign in, you will be prompted to enter your email address, then click Send Email.
    Magic_Link_Screen.png

  2. Then, open the email on the same device/browser you're signing into Affinity to access the magic link:
    1. If you're signing into the Pathfinder Chrome Extension on your laptop/desktop, you should open the email in the same web browser.
      Click_Email.png

    2. If you're signing into the mobile app on your phone, you should open the email in the Mail app of your choice.
      Click_Email_for_mobile_app.png

  3. This magic link is a secure way to authenticate and identify yourself as a valid user. Clicking on the magic link will take you back into the Affinity mobile app or Pathfinder Chrome extension automatically with a successful sign in.

 

How is this secure?

When the user submits their email and requests a magic link for login, Affinity performs a check to see if the email is tied to a valid user account.

If the email is tied to a valid user account, then Affinity's system sends an email to the submitted email address. This means that only the user who has access to the submitted email address can access the magic link.

A few more reasons magic link is secure:

  • The link sent to the user can only be used once.
  • The link expires after a maximum of 25 minutes.
  • The link can only be used on the device that requested the link. If a user forwards the email to a colleague, or the link is intercepted by another app on the phone, the link will not be usable.

 

What are the advantages to Passwordless Logins?

Passwords are difficult to remember and keep updated. As a result, many users reuse passwords across different accounts. If an account with a shared password becomes compromised, this means the other accounts with that same password may also be compromised.

Furthermore, typing in passwords on-the-go on a mobile keyboard can be difficult, especially if they're complex. Affinity's magic link login allows users to securely log in without having to remember or type in a password on their mobile device.

 

What if I can't access my email address on my mobile phone?

Although using a magic link is the primary way for users to access their data via the Affinity mobile app, we will continue to support signing in using your email account's password as a secondary option.

Related articles

Articles in this section