Even when the internet was in its infancy, it was clear that a single password wouldn’t be enough to protect its users from bad actors. So some people devised a seemingly magic solution: magic links. But are they the ultimate authentication solution or just another fad in the endless quest of user vs hacker? Let’s have a look.
What are magic links?
Magic links let users authenticate without a password. A magic link is a passwordless login method: you sign in to an account by clicking a link emailed to you rather than typing in your username and password. Magic links can also be used as part of a multi-factor authentication (MFA) strategy.
Are magic links a type of multi-step multi-factor authentication?
They’re part of an authentication system that requires more than one distinct authentication factor, so yes, they’re considered multi-factor authentication (MFA).
How do magic links work?
Magic links function as a one-time password (OTP) authentication process and follow the same workflow as a “Forgot Password” reset. Here’s how it works: a user gives an application an email address and then clicks on the magic link sent to their email account, and hey presto, they’re logged in.
Why do people use magic links?
Seemingly, user experience (UX) and authentication are two of the main reasons companies deploy magic links. They also save users from performing numerous password maintenance tasks such as creating, saving, and updating passwords, which gives them more time to watch Netflix or do some actual work. Password-based authentication flows, in which you encrypt, store, and protect your users' passwords, require time and effort to set up and maintain infrastructure to safely handle this sensitive data. And when there are no passwords, there are no password breaches. As 81% of corporate data breaches are caused by inadequate or compromised passwords, it’s no wonder that some companies have chosen to deploy magic links.
Are magic links safe?
Yes and no. Magic links are safer than a single password, but they have drawbacks. Magic links are vulnerable to so-called man-in-the-middle (MITM) attacks if the user is on an unencrypted network. That could be the open Wi-Fi at your favourite cafe or the one you’re using at the airport between flights. If users lose their device or someone steals it, a hacker could get hold of the link. And with around 325,000 mobile phone thefts annually in England and Wales, that’s not improbable. Hackers could also get their hands on your email password. As 56% of people in the UK use the same password multiple times, it will likely happen.
And even if users are careful about their passwords and devices, there’s always the spam folder. Roughly 1 in 6 emails gets sent to spam, and magic links are prone to end their lives there. Yes, your consumers could sift through their spam folder and try to find your magic link, but that involves extra work, and that creates friction. Their mind is already on the next task, so they’re more likely to abandon the procedure and move on.
An alternative to magic links
Let’s imagine for a while that you could have it all: A super fast, easy login that’s as safe as the most complex authentication methods. You wouldn’t need to spend precious time switching between browser windows, clicking on magic links or going through your spam folder. The idea of magic links is great, but let’s get real; there are still too many hurdles to overcome here.
With MIRACL passwordless authentication, there are no weak or reused passwords. You don’t have to come up with yet another complex number-letter combination. There’s nothing for hackers to steal or phish away from a customer. We call it single-step MFA because you get all the benefits of super-safe multi-factor authentication without all the hassle. One PIN and you’re in.
Welcome to single-step MFA
MIRACL Trust works on 100% of devices, browsers and apps without the need for second devices or authenticator apps. Users are able to set a PIN (or biometric) paired with their trusted device.
You can try a demo yourself here, or get in touch to discuss simplifying your user flow, increasing positive user experience and increasing secure customer authentication, and see MIRACL Trust single-step MFA for yourself.