Passwordless Authentication

Passwordless Strategies

Passwordless authentication covers multiple authentication methods that allow users to verify their identities without entering a traditional password. Instead, it relies on alternative factors such as biometrics, email or SMS-based one-time codes, or magic links. This approach enhances security by eliminating the risks associated with password theft, such as phishing attacks and credential stuffing.

Passwordless authentication offers significant advantages in terms of security and user experience. Frontegg is constantly working on enhancing its support for these strategies and addressing client needs. Frontegg currently supports the following passwordless authentication methods: Magic code & Magic link.

Magic code

When using a magic code as a login method, your user receives a one-time code after they enter their email to log in. After retrieving the code from their email and entering it, the user's identity is verified, and they are signed in.

Magic link

When using a magic link to log in, users simply input their email address in the login box. In response, Frontegg emails the user a login link. The user then clicks the link and is subsequently logged in. The link is valid for one-time use and expires after the time you indicate (see Code expiration time, below).

Both passwordless methods offer an additional layer of security and free the user from remembering a password.
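
The one-time-use and expiry behaviour described above, shown as an added example that is not Frontegg's code or API. It is a minimal in-memory token store (the `MagicLinkStore` class and its method names are hypothetical) that keeps only a hash of the token, consumes it on first use, and rejects it after the configured lifetime.

```python
import hashlib
import hmac
import secrets
import time

DEFAULT_TTL = 5 * 60            # the page's default: five minutes
MIN_TTL, MAX_TTL = 60, 60 * 60  # the page's range: one minute to one hour


class MagicLinkStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self, ttl=DEFAULT_TTL, clock=time.time):
        if not MIN_TTL <= ttl <= MAX_TTL:
            raise ValueError("ttl must be between one minute and one hour")
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # email -> (sha256(token), expires_at)

    def issue(self, email):
        """Create the token for the emailed link; only its hash is stored."""
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Issuing again replaces any earlier token for this address.
        self._pending[email.lower()] = (digest, self.clock() + self.ttl)
        return token

    def redeem(self, email, token):
        """Return True once for a valid, unexpired token; False otherwise."""
        key = email.lower()
        entry = self._pending.get(key)
        if entry is None:
            return False
        digest, expires_at = entry
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, presented):
            return False            # wrong token: the pending one stays valid
        del self._pending[key]      # consume on match: one-time use
        return self.clock() < expires_at    # an expired token is consumed too
```

A short numeric magic code has far less entropy than this token, so a store for codes would also need a cap on failed attempts per address.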


Configuring passwordless authentication

Complete the following steps to configure your login box to use passwordless authentication:

Step 1: Configure passwordless methods in the Frontegg Portal

Step 2: Enable passwordless strategy

Step 1: Configure Passwordless in Frontegg Portal

To configure the passwordless flow, go to your Frontegg Portal, navigate to Home, and click the go to builder button for the Login Box.

Step 2: Set Passwordless Strategy

In the left panel under email sign on, decide which passwordless configuration you wish to implement.

You have two options to choose from:

  1. Magic code, where the user receives a one-time code (OTC) by email that they need to enter to log in, and
  2. Magic link, where the user is emailed a unique link that they click to log in.



Step 3: Set Code expiration time

Remember to set the expiration time for whichever option you choose. The default expiration time is five minutes, but you can choose between one minute and one hour from pre-defined options. Setting the expiration time is done via the Authentication -> Passwordless tab in your Frontegg Portal.


Step 4: Customize the email template

Customize your Magic code/Magic link email template. You can do so via the Emails tab in your Environment of choice.



Via API

Passwordless authentication can be configured via API as well. Check out the full collection here.