Magic Link is a developer SDK that enables you to integrate passwordless authentication into your application by using magic links similar to Slack and Medium.
As a futureproof authentication methodology, in B2B use cases, Magic is becoming increasingly popular. It provides blazing-fast, hardware-secured, passwordless login with a few lines of code even if you already have an existing auth solution.
What Is Magic Link?
Today, the internet is not just a place where people connect or search for information, but also where people invest and store their digital assets with the rise of blockchain technology.
Internet security is always highlighted in communications. In addition to earning money, investors also would like to keep their achievements safe.
Although using passwords is still most common, it is becoming more and more hackable.
Passwordless authentication is a new trend in the internet industry which is believed that safer than the existing methods such as Single Sign-On (SSO), and Multi-Factor Authentication (MFA), which can be cracked with techniques like phishing, keylogging, or password spraying.
Passwordless authentication is all about stopping the use of passwords to improve security and conserve valuable IT resources. The methodology works well for all kinds of SaaS apps and is better for users who are becoming more dependent on smartphones and tablets.
In simple terms, the SDK is going to integrate with your application to make everything work.
When users want to sign up or log in to your application, they must request a Magic Link that will be sent to their email address. They then will click on that magic link to be securely logged into the application.
If it’s a web application, users are logged into the original tab and it also works for clicking on the magic link on a different browser or mobile device.
Benefits of Passwordless Authentication
The benefits of passwordless authentication are rather obvious. First of all, as mentioned, it, of course, provides better security.
Most applications today are built from the combination of username, email, or phone number with a password security model. These are obsolete for many reasons.
It requires a lot of resources to manage user credentials, passwords, secrets, or sessions. Since most people often reuse their passwords everywhere that makes password accounts poor and easily hacked.
In addition, it will cost companies thousands of dollars for user compromises which will increase risk and liability for companies. Worldwide spending on cybersecurity is estimated to reach $133.7 billion in 2022.
Once attackers discover a password that hashed to the same hash as the one stored in a database, they can take it on other applications like your bank accounts. In many cases, it can take a very short time.
For companies using passwords as secrets to encrypt sensitive data, it’s very like symmetric encryption where the encryption key is a weak password determined by humans that can be easily cracked.
Avoid The Hack
User sessions are often hacked after successful authentication so that attackers can exploit that user’s application resources.
In order to prevent that you would need to re-authenticate the user with every request, therefore, this would create an extremely cumbersome user experience if users have to type in their password every single time.
Another is passwordless authentication takes less overhead than traditional methodologies.
Normally, users tend to set passwords that are easy to crack but hard to remember while account recovery support can be costly. Most support cases are related to lost and forgotten passwords.
Meanwhile, Magic uses blockchain-based, standardized public-private key cryptography to achieve identity management.
When a new user signs up for your service, a public-private key pair is created for them. Private keys are used to sign proofs of a user’s identity. That means your resource server will no longer need to store and manage to authenticate requests.
Last but not least, passwords are a major source of onboarding and conversion funnel friction. According to eCommerce websites, removing passwords can reduce the number of login or signup steps which can increase conversion rates.
Launched in 2018 by Sean, Jaemin, and Arthur with the original name Fortmatic, which is an SDK that enables users across the globe to interact with dApps using just their phone number, without requiring any extra installation.
The company then rebranded to Magic. On April 1, 2020, Magic launched on Product Hunt and reached #2 Product of the Day. The inspiration for Magic came from the extreme pains that dApp developers felt as well as the founders.
Magic Auth is a Whitelabel SDK that allows all kinds of dApps with full UX/UI customizability.
Magic Auth allows users to use simple methods like email, social logins, SMS, and WebAuthn on any desktop or mobile browser, without having to download extra software. Magic Auth can provide users and developers high conversion as well as low-friction Web3 onboarding.
The high-level end-user journey is as follows:
- A user visits Nifty’s.
- Users enter their email to log in / sign up.
- Checks Nifty’s login email, and clicks the Magic link.
- Users are securely authenticated into Nifty’s.
- A wallet is created behind the scenes via our non-custodial delegated key management system allowing the user to not have to manage a seed phrase.
Meanwhile, high-level developers receive benefits from:
- WWW Home.
- Sign up for free.
- Joins Magic includes creating an account and landing on Dashboard.
- Tries Login Form web demo with a low-code quick start.
- Explore Dashboard for passwordless, login methods, branding, users, features, and more.
- Add Magic Email/SMS login to an existing project.
- Explore Docs.
- API Keys.
- IDE/Local integration started.
- Add Google OAuth to an existing project.
- Integrate with the existing backend.
- Customize branding, logo, and theme.
- Add a credit card to unlock unlimited Monthly Active Users.
- Go live with Magic. To date, it has over 10 active users.
- Monitor growth in user signups, and conversion rate.
- Iterate auth or onboarding experience based on user feedback such as session length, login methods, and more.
Although Magic Connect is not released, it is another expected new product from the company. The coming product is in development focusing on secure sign-in and easy NFT checkout.
According to the company, high-level end-users are going to be given these features:
- Log in with a one-tap Google sign-in or passwordless email.
- Being successfully, securely authenticated.
- The ability to share their email address to the dApp requesting for engagement purposes.
- Pick their favorite NFT to purchase.
- A smooth NFT checkout experience.
- As the privacy landscape evolves, Magic continually develops privacy protections to provide the highest level of protection and rights for people across the world.
The company’s customer segments include Web3 startups to large organizations in verticals including NFT such as gaming, marketplace, tools & infra), DeFi, Gaming, Media, DAO, Events, and many more.
Passwordless authentication is increasing as the future of online security. Users no longer have to wrestle with remembering passwords for the ever-increasing number of services that they interact with thanks to delegating authentication to a user’s email, mobile, or hardware device.
Also, the idea of not requiring users to remember new passwords for multiple accounts helps to improve the level of trust in the authentication flow, which boosts engagement and satisfaction metrics.