|
|
|
|
|
|
by reilly3000
1929 days ago
|
|
|
We use 6 digit codes via email for passwordless. The login links typically just have a code parameter anyhow, and at least Auth0 allows for both. We opted for codes vs links because links add all kinds of session-based issue across browsers and devices. People are able to login on desktop with a code they read in their mobile email, etc. As others have noted, passwordless does hinge on email deliverability and that hasn't been easy to nail. That said, almost all login flows tend to rely on email delivery for both verification and password resets. For those used to the convenience of password managers, its an extra step that can add friction. Longer sessions help. |
|
|