Most of us think of magic links when we hear "passwordless", but I'm trying out a different approach. What if we require our users to SEND an email for authenticating?
I've been experimenting with this idea recently and actually got around to building a prototype. This system will work as a SaaS (similar to Auth0) aimed at developers to implement authetication in their sites/apps.
The concept is pretty simple. Use mailto HTML links to open the default email app prefilled with a generated auth code. User then taps send, waits for the email to be processed and he's in.
There are some pretty cool benefits to this method:
-
user doesn't have to type in not even their email addresses (infered from the received email)
-
most email clients also send firstname/lastname with the email address, so signing up to a website that requires email, firsname, and lastname simplified
Spoof protection is done via email DKIM.
Here's a gif with how this works:
If you want to try it out for yourselves, here's the website
https://nova-authenticator.com/
What do you guys think? Is this something that could catch on? Is it a viable alternative to existing systems?