Passwordless Authentication

Overview

Imagine a world where you do not need to create an impossible-to-remember password just to fulfill some complicated criteria. A world where you do not need to guess your password several times before worrying about being locked out and resetting it. Well, welcome to the passwordless world!

You knew it was coming, and now it is here. With Frontegg's passwordless feature, users do not need to create and remember passwords anymore. Plus, you get a more secure and better user experience.

Passwordless Strategies

Frontegg currently supports two passwordless authentication strategies:

  1. One-time code (OTC)
  2. Magic link

One-Time Code

When using OTC to login, a user simply inputs their email address in the login box. In response, Frontegg emails the user a one-time code. After retrieving the code from their email, the user then inputs the code in the login box and is signed in.

In addition to not having to remember a password, one benefit of OTC is added security. The code changes each time the user tries to login and is only valid for a short time. Therefore, it is a very secure way to authenticate.

Magic Link

Similar to OTC, when using magic link to login, a user simply inputs their email address in the login box. In response, Frontegg emails the user a login link. The user then needs to visit their email and click on the link. Clicking the link authenticates the user.

Similar to OTC, the benefits of the magic link are added security and not having to remember a password. The link is valid for only one-time use and expires after a short time.

Step-By-Step Guide

Complete the following steps to configure your login box to use passwordless authentication:

Step 1: Configure Passwordless in Frontegg Portal

To configure passwordless flow go to your Frontegg Portal and navigate to Authentication ➜ Settings and select Passwordless.


Step 2: Set Passwordless Strategy

After choosing passwordless, decide which passwordless configuration you want to implement.

Choose between (1) a one-time code, where the user receives a code by email that they need to enter in order to login, and (2) a magic link, where the user is emailed a unique link that they click to login.

Regardless of which option you choose, remember to set the expiration time. The default expiration time is five minutes, but you can choose from pre-defined options between one minute and one hour.

Step 3: Customize Email Template

After activating passwordless login, you need to customize the email template. The email template is the email the user receives after entering their email address in the login box.

To customize the email template, click on the Customize Email Template button. Then, enter your information into the form. You can even customize the HTML and CSS of the message body.

πŸ“˜

Customize email templates

Read more about how to customize emails templates.


This step is important because the email should be from your email address and consistent with your company's branding. Plus, the email template might require certain information of yours in order for passwordless login to work properly. For instance, if you choose the magic link strategy, you need to enter a redirect url.

That is it! Go passwordless.

πŸ“˜

Required Versions

Note: In order to use passwordless you must use one of the following versions or above:


Did this page help you?