Passwordless login

[iszulcdeepsense]

In order to simplify sign-in process, we can implement "Passwordless Authentication".

When account is configured to use passwordless login, the user is asked to enter their email address, to which Racetrack will send a one-time-use link to log in.

• SMTP server is needed to send mails.
• visiting a link should create a session and keep the session ID in cookies. Let's find out if it can work with Django.

https://auth0.com/docs/authenticate/passwordless/authentication-methods/email-magic-link

[JosefAssadERST]

I find the idea intriguing, but I am a bit wary. I have never implemented this myself, or had users using it, and actually I've never been a user in a system using this pattern before.

That means, if we implement it, even if it turns out to be a good idea, users will still be surprised at least in the start. Also I'm not 100% sure how happy users are to Alt tab with a mail client to log in somewhere.

I'm not for or against, I'm wary.

[iszulcdeepsense]

I've found out recently that LinkedIn implemented "one-time sign in links" so I hope it becomes more familiar and less surprising.

https://www.linkedin.com/help/linkedin/answer/a1336496/one-time-sign-in?lang=en

Looks like they implemented this 2 months ago. I've noticed that this feature doesn't show up always so it might be still under A-B testing or something.