All Collections
What is Credentially?
Passwordless Login on Credentially
Passwordless Login on Credentially
Irina Zadrutskaya avatar
Written by Irina Zadrutskaya
Updated over a week ago

What are Passwordless Logins?

This is a method for users to securely access Credentially using a unique, one-time-use link sent to the user's email address.

When you sign in to the Credentially platform, you will be prompted to enter your email address, then open your inbox to access the one-time-use sign in link.

This "magic link" is a secure way to authenticate and identify yourself as a valid user. Clicking on the "magic link" will take you back into the Credentially platform with a successful sign in.

How is this secure?

When the user submits their email and requests a magic link for login, the Credentially system performs a check to see if the email is tied to a valid user account.

If the email is tied to a valid user account, then Credentially platform sends an email to the submitted email address. This means that only the user who has access to the submitted email address can access the magic link.

A few more reasons "magic link" is secure:

  • The link sent to the user can only be used once

  • The link expires after a maximum of 30 minutes

  • Credentially does not collect or store passwords so it can never be compromised. Nor can a compromised password that is re-used by user across multiple platforms/sites be used to gain access to the Credentially platform

  • Access does not work without an access to the user's email account

What are the advantages to Passwordless Logins?

Passwords are difficult to remember and keep updated. As a result, many users reuse passwords across different accounts. If an account with a shared password becomes compromised, this means the other accounts with that same password may also be compromised.

Furthermore, typing in passwords on-the-go on a mobile keyboard can be difficult, especially if they're complex. Credentially's "magic link" login allows users to securely log in without having to remember or type in a password on their mobile device.

Is it standard?

Passwordless logins are becoming more popular as it offers a secure way to ensure the identity of an individual and removes security issues associated with password authentication. It is also providing users with a more fluid and friendlier experience. Companies such as Microsoft, Slack and other global organisations, have passwordless login for applications.

You have also been using magic links for years. Password reset functionality that you find on websites uses the same concept. Reset links provide you with access to your account so that you can change the password without needing the previous password.

Credentially takes security extremely seriously and is Cyber Essentials+ and ISO270001 complaint.

Did this answer your question?