Let's start with a couple of fundamentals about email-based authentication.
- Sending an email to authenticate = Magic Message
- Receiving an email to authenticate = Magic Code
Email is the most ubiquitous identifier and mechanism for authenticating users without passwords. We've seen email-based passwordless authentication grow in popularity as big technology companies such as Slack and Medium, to name a few, began to adopt what has become known as the Magic Link (receiving an email to authenticate). In this authentication flow, a user enters their email address to request a Magic Link, which the authentication service delivers via email. Once a user receives that email, they open the email and click on the link to complete the authentication. Swoop has evolved a more secure form of Magic Link, called Magic Code. Instead of users clicking on a link they may be unsure about, we email them a secure code, which they can then enter into the site they're authenticating with.
Before we move on, we must address the inherent challenges with email deliverability that the Magic Link or Code could experience—regardless of whether you choose to build a Magic Link or Code solution on your own or adopt a service like Swoop to provide it on your behalf.
- Speed of delivery
- Inboxing vs. spam/junk
While the Magic Link and Code was and remains a major improvement over a traditional username and password strategy (hence why Swoop integrates Magic Code as part of a complete solution), the challenges that exist with email deliverability got us thinking that there must be a better way. This led us to develop the Magic Message (sending an email to authenticate).
The Magic Message is similar to the Magic Code, in that it's email-based and passwordless. But rather than waiting for an email, we put the control in the user's hands; they send a secure email, in as little as 2 clicks, to the Swoop authentication service to request authentication.
As we designed the Swoop service, we had a keen eye on how to quickly (and securely) set up (authenticate) users so that they can experience true a One-Click connection from that point forward. We believe Magic Message provides an optimal solution that builds upon the strengths of the Magic Link and Code while minimizing the challenges of email deliverability.
Updated 8 months ago