Chris Messina

Magic - Make passwords disappear with a touch of Magic

Passwords are the bane of app security. With a few lines of code and no bloat, Magic lets you build apps with blazing-fast, customizable, passwordless login - with future-proof crypto and identity tech under the hood.

Jory Shi

Magic is a breath of fresh air in app security! Its passwordless login solution is not only fast and customizable but also future-proof, getting rid of the password headache once and for all.

Sean Li
@lyondhur No need to apologize and thank you for the transparency! We started with email links because it's the easiest way to have mainstream users get started. The goal is to practice progressive disclosure and eventually help these users graduate into more sophisticated forms of login, such as WebAuthn and mobile authenticator apps instead of emails. Under the hood, Magic uses decentralized identity (DID), so developers only need to deal with DID tokens (signed by user private keys) in order to allow users to access their backend resource server, and the front-end key management form factor can be very flexible (magic links, mobile authenticator, WebAuthn, etc.) without having to change the backend code! It's in a way kind of like the Docker of auth 😆
Tem Nugmanov
This is sweeet! What do you guys think of something like https://www.typingdna.com/?
Sean Li
@temirlan Just checked out the site. In our case, there will be no password required to log in, so one of the major use cases is not quite applicable. But it seems like it can also be useful for MFA and credit card payment - will def keep an eye on it!
Nate Geier
Using Fortmatic for our NFT fiat onboard ramp on https://mintbase.io really helped a ton.
Ruth Adewumi Seun
It's nice and it's crypto
Sterling Chipman
Is this only for blockchain based applications or is it more general? Also, it's SOC2 compliant and meets WebAuthn criteria, correct?
Zak J
Great... I cannot understand how the "forgot password" functionality is replaced here.
Zak J
You mentioned that the private key is backed up in Amazon cloud without your system's intervention. How could the user retrieve his private key in case he lost his device, for example? There should be some mechanism for the user to log in to the Amazon service himself, correct? Storing and managing the private key is the most important part here, to my understanding, and this is not clear to me :)
krishna d
How different is it from creating a temp session for the user email and emailing the temp session in the URL? Genuinely trying to understand if sending a link with a session is insecure/bad.
jølly🔥good
1. Why would I share my customers' data with a 3rd party when password/2FA are pretty well tested workflows/implementations? 2. GDPR compliant? 3. If Slack used your service - how much would it cost them monthly? (12M active users) - I cannot log in to my email right away from the phone (for example) - without a 2FA token (for security reasons) - so link-based passwords are a pain to use. Nevertheless, you basically move the whole threat from password maintenance onto the shoulders of the email - "congratulation"
Joshua Dance
Magic has nice pricing for startups. Free for first year, and half off 2nd year. Wrote about why that is genius here. https://twitter.com/JoshDance/st...