Magic Link

A magic link is a one-time, time-limited login link sent by e-mail or text message that enables passwordless login.

Jan 21, 2026 · 2 min read

A magic link is a form of passwordless login. It allows users to log in to an account using a link that is sent to them by e-mail or text message, for example.

Magic links can help users who have problems entering their password correctly, and they can increase user convenience. The method is not as magical as the name implies: it is simply a code delivered via a link that makes logging in quick and easy for users.

Instead of a username and password, the user simply enters their e-mail address each time they log in. The application then generates a link with an integrated token and sends it to the user by e-mail. When the user opens the e-mail and clicks on the link contained therein, a new browser window opens and, with the token integrated in the link, the user is directly authenticated and authorized and can then access the application. The link then loses its validity and cannot be used for another login. Instead, the user must request a new link.

The validity of a link is often 60 minutes. To further increase security with this login method, we at Engity have added an extra challenge. Immediately after entering their e-mail address, the user is shown a security code in the open browser window. If the user clicks on the link in the e-mail they received, they will be presented with a selection of possible codes and must select the correct code that was previously displayed in order to pass the challenge and gain access. This prevents criminals from sending magic link requests in the hope that the victims will mistakenly confirm these requests.
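
The flow described above (token in the link, one-time use, 60-minute validity, and the code-selection challenge) as an added Python example; it is not Engity's implementation. The function names, the in-memory store, the two-digit code, the three choices, consuming the link on a wrong selection, and the `app.example` URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

LINK_TTL = 60 * 60   # seconds; the "often 60 minutes" validity
_pending = {}        # sha256(token) -> record; in-memory stand-in for a datastore (assumption)


def _key(token):
    # Store only a hash so a leaked table does not contain usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_login(email, now=None):
    """User submitted an e-mail address: return (link to mail, code to display)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
    code = f"{secrets.randbelow(100):02d}"     # shown in the requesting browser
    _pending[_key(token)] = {"email": email, "code": code, "expires": now + LINK_TTL}
    return f"https://app.example/login?token={token}", code   # placeholder host


def code_choices(token, now=None, n=3):
    """Link was opened: return n candidate codes (one correct), or None."""
    now = time.time() if now is None else now
    rec = _pending.get(_key(token))
    if rec is None or now > rec["expires"]:
        _pending.pop(_key(token), None)        # drop expired entries
        return None
    choices = {rec["code"]}
    while len(choices) < n:
        choices.add(f"{secrets.randbelow(100):02d}")
    return sorted(choices)                     # sorted, so position reveals nothing


def redeem(token, chosen_code, now=None):
    """Return the e-mail to log in, or None. The link is consumed either way."""
    now = time.time() if now is None else now
    rec = _pending.pop(_key(token), None)      # pop: one attempt, one use
    if rec is None or now > rec["expires"]:
        return None
    if not hmac.compare_digest(rec["code"].encode(), chosen_code.encode()):
        return None                            # wrong code: a new link is required
    return rec["email"]
```

Someone who clicks a link they did not request never saw the displayed code, so they can only guess among the choices, and a wrong guess invalidates the link.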