Byepass - Passwordless login

The site has almost no information... can you go into detail about how this is multi-factor?

If your website or app asks people for an email and password to login, you NEED to use Byepass now!

So this is what Medium does with passwords (there are non, they send you a link per email every time you wanna log in) but you can integrate it in any site, right? I only see the Wordpress integration advertised on your website though, can we use it on others?

If someone has access to your email, would you ever know if they were logging into your accounts via Byepass?

Where were you when I painstakingly built this myself? 😤 Also, how did you implement the cross-site session? 👀 cuz that got me stumped.

How it's in compare to accountkit.com?

"Byepass sends users a magic link via email for authentication, then creates a cross-site session so they can login instantly to other websites/app that use Byepass." So I guess emails like Outlook, Gmail etc could not use this. LOL

If you were to add an option to replace the email login with Digi-ID, this would be AWESOME, plus it would protect against the possible (though unlikely) situation of someone breaking into your email account to login. http://www.digi-ID.io

But.. to log in to my email I'd.. still need a password? If every other site I visit used Byepass, then if you just had my email password, you'd be able to sign into anything of mine. Just seems like the end case is still putting all your eggs in one basket, no?

Great product! I've implemented a similar solution on one of my project https://whenitsd.one Which e-mail delivery system are you using and how do you cover the cost? The main concern I would have is to have to share the e-mail of my user with a third party service, however from my experience making sure the sender reputation score is high would be a reason to use a third party service. Signin using e-mail is great but the e-mails needs to arrive and managing properly bounces and spam reporting is really a hassle. I really like that the e-mail you receive mention the platform and browser. This is a nice useful touch. Unfortunately I tried to register on the website but couldn't signup. After receiving the e-mail abd click on the "Authorise the request" link I got an error: "Challenge not found"

When I requested a log in to developer area (which I assume is how any Byepass login would work) on my mobile, I thought it had not worked and having tried it on my desktop I now realize what had happened.

I did not realize that the original screen I had logged into had changed to show the contents because the mobile window/ screen telling me that the challenge had worked was blocking it (even though it was still there).

I presume that your use-case is that a user would request login on a desktop and then authorize the email challenge on their mobile. In this case it would work perfectly as the the original descktop login request would be showing logged in content.

Pros:

very low friction for the user, very intuitive for the developer

Cons:

Its confusing in that the challenge result window/screen is redundent and you have to go back to the original window/screen esp on mobile

tried using this, how come when entering the email on a wordpress site, i get redirected to a different site that i dont own? (bassunit)