Doing authentication right



By leveraging public/private key cryptography and the biometric scanners on users' devices, passkeys are a great solution that users love. Does anyone prefer typing in a password to scanning their face or thumb on a phone? No, no one does. Admit it: you love accessing your banking app via Face ID rather than typing that secure, arcane, hard-to-type password into that little keyboard.

Do use OAuth

Passkeys can be your sole means of authenticating users, but some users might prefer more traditional login methods. Once you have passkeys in place, you should implement OAuth authentication. OAuth is most commonly done via the “Login with Google” or “Sign up with Apple” buttons. Users like OAuth because it enables them to log in to your site without having to type a password or even create an account. You can offer login services from any number of popular sites including Google, Apple, Facebook, Microsoft, and GitHub. It’s a rare user indeed who doesn’t have an account on one of these systems. 

Another way to provide login is the use of “magic links.” A magic link is a link sent to the user, usually via email or text, allowing them to log in to your site merely by clicking on it. It is convenient in that the link can only be seen by the user and lasts only a limited time. The downside is that it does require the user to leave your site to check their email, but at least clicking on the link brings them right back.
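The two properties described above (a link only the recipient holds, valid for a limited time) can be sketched as follows. This is an added example, not code from the original article; the class name, the example URL, the 15-minute lifetime, the single-use rule and the in-memory store are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article only says "limited time"


class MagicLinkStore:
    """Hypothetical in-memory store; a real site would use a database or cache."""

    def __init__(self, base_url, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._base_url = base_url
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, email):
        """Create an unguessable token and return the link to send to the user."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (email, self._clock() + self._ttl)
        return f"{self._base_url}?token={token}"

    def redeem(self, token):
        """Return the email the link was issued for, or None if it is invalid."""
        try:
            digest = self._digest(token)
        except UnicodeEncodeError:
            return None  # non-ASCII input can never be a token we issued
        # pop() makes the link single-use: a replayed link finds nothing.
        record = self._pending.pop(digest, None)
        if record is None:
            return None
        email, expires_at = record
        if self._clock() > expires_at:
            return None  # expired links are rejected and already removed
        return email


if __name__ == "__main__":
    store = MagicLinkStore("https://app.example/login/magic")  # constructed URL
    link = store.issue("user@example.com")  # constructed address
    token = link.split("token=", 1)[1]
    print(store.redeem(token))  # first click logs the user in
    print(store.redeem(token))  # second click is refused
```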

You might have noticed that these recommended solutions don’t require your user to create an account on your site, or require them to remember a password, or require you to save any information about the user. You can provide secure and user-friendly authentication without knowing anything at all about your users.


