With password policies becoming harder to deal with and way too many different passwords across systems, it becomes difficult to track them and thus sign-in experience of a user is affected. Let's find out the magic behind smooth sign-in experience for our users!
Introduction
In today's world, we have accounts on multiple platforms. Right from your social media, to office tools like slack, to all the sites we use to make our day to day work easy, like booking a plumber or a doctor, to ordering your groceries, there is a account associated with each of them. If you use Google / Facebook to sign in to these platforms, it's easy, but not everyone wants to link their gmail to all the sites. Now other option is to have limited set of passwords and use it across sites so that it's easy to remember them. But again it's a security threat. Ideally one should use different credentials for different platforms. With password policies becoming harder to deal with and way too many different passwords across systems, it becomes difficult to track them. And using any password manager is adding a bit more friction to the sign up flow.
As a platform provider, it's our duty to provide a seamless experience to our customer without them having to worry about remembering those complicated passwords. Here comes the magic - Magic Links.
What is a Magic Link
A magic link is a url, with encoded user information, which can be used to validate a user. A user could request for generation of a magic link, and it will be sent to their email and can be used to directly sign in to your platform. No need to remember any credentials! Just once click and your are into the system
Features
A magic link should have following features
- A user should be able to generate it and only they should have access to the magic link.
- Magic link should have expiry associated with it. So that unused links are deactivated automatically
- There should be a limit on number of magic links that could be generated by a user in a particular time interval. This is to prevent others from bombarding your inbox with all the magic links
Implementation
This is the flow we want to achieve
User Enters Email -> Magic Link is sent to Email -> Clicks & gets into the platform
Step 1: User enters her email and clicks generate Magic Link
The system will create a url with user information encoded in it - we call it Magic Link. This magic link will be sent to user. This is done so that only user, who has access to her email will be able to use the link. Expiry is set for the magic link in the system, so that link is valid only for certain time interval
Step 2: User goes to her email and clicks on the link
When user clicks on the link, system will extract the user information and validates the user. If user information is not valid or if link has expired, user will be denied access. If user is valid, they will be signed in to the platform
Conclusion
At Kubric, we have option of sign-up with google or with your own email and password. Although, majority of our users uses their google account to sign-up, there are few users, who use email & password. We wanted to ensure, that all our users should have a hassle free experience while coming on to our platform and after implementing Magic Link for sign-in, all our users have started loving our platform even more!