Let's start with a couple of fundamentals about email-based authentication.
- Sending an email to authenticate = Magic Message
- Receiving an email to authenticate = Magic Link
Email is the most ubiquitous identifier and mechanism for authenticating users without passwords. We've seen email-based passwordless authentication grow in popularity as big technology companies such as Slack and Medium, to name a few, began to adopt what has become known as the Magic Link (receiving an email to authenticate). In this authentication flow, a user enters their email email address to request a Magic Link, which the authentication service delivers via email. Once a user receives that email, they open the email and click on the link to complete the authentication.
Before we move on, we must address the inherent challenges with email deliverability that the Magic Link could experience—regardless of whether you choose to build a Magic Link solution on your own or adopt a service like Swoop to provide it on your behalf.
- Speed of delivery
- Inboxing vs. spam/junk
While the Magic Link was and remains a major improvement over a traditional username and password strategy (hence why Swoop offers this solution), the challenges that exist with email deliverability got us thinking that there must be a better way. This led us to develop the Magic Message (sending an email to authenticate).
The Magic Message is similar to the Magic Link, in that it's email-based and passwordless. But rather than waiting for an email, we put the control in the user's hands; they send a secure email in, as little as 2 clicks, to the Swoop authentication service to request authentication.
As we designed the Swoop service we had a keen eye on how to quickly (and securely) setup (authenticate) users so that they can experience true 1-click connect from that point forward. We believe Magic Message provides an optimal solution the builds upon the strengths of the Magic Link while minimizing the challenges of email deliverability.
Updated about 2 months ago