Magic-Link Authentication
A passwordless authentication method where users receive a single-use sign-in link via email, eliminating password management and reducing credential-theft attack surface.
What Magic-Link Authentication means
Magic-link (or 'passwordless email') authentication issues a single-use, time-limited sign-in URL to the user's verified email address. Clicking the link authenticates the session without requiring a password. Common implementations (Supabase Auth, Auth0, Stytch, Clerk) generate a JWT or session token bound to the originating browser, valid for a short window (typically 1–15 minutes).

Security advantages include: no password to leak in a credential-stuffing attack, no password reuse across services, lower phishing surface for password-form impersonation, and lower customer-support burden for password resets. Disadvantages include dependence on email delivery latency and the user's email account security.

AuditSocials uses Supabase Auth magic-link as the sole end-user authentication method.
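
The three properties named above (single use, short expiry, binding to the originating browser) can be enforced server-side as in the following added example, which is not the code of Supabase Auth or of any other provider listed here. It assumes an in-memory dict in place of a database table, a placeholder host app.example.test, and a random browser_nonce that the server set as a cookie when the link was requested; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60   # upper end of the 1-15 minute window mentioned above
_store = {}             # sha256(token) -> record; stands in for a database table


def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()


def issue_link(email, browser_nonce, now=None):
    """Create a single-use token and return the URL to email to the user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    # Only hashes are stored, so a leaked table does not yield usable links.
    _store[_digest(token)] = {
        "email": email,
        "expires": now + TTL_SECONDS,
        "browser": _digest(browser_nonce),   # binds the link to this browser
    }
    return f"https://app.example.test/auth/callback?token={token}"


def redeem(token, browser_nonce, now=None):
    """Return the email on success, otherwise None."""
    now = time.time() if now is None else now
    key = _digest(token)
    record = _store.get(key)
    if record is None:
        return None                          # unknown or already redeemed
    if now > record["expires"]:
        del _store[key]                      # expired links are purged
        return None
    if not hmac.compare_digest(record["browser"], _digest(browser_nonce)):
        return None                          # opened in a different browser
    # Single use: remove before granting the session. With a real database
    # this must be one atomic delete-and-return so two clicks cannot both win.
    del _store[key]
    return record["email"]
```

A binding mismatch leaves the token in place here, so a request without the cookie does not burn the link for the browser that asked for it.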