Why Email Only Auth Is More Secure

Comments

Everybody chillin' until you log in to your email account this way 😂

nico_qwer

Would be simple if sending mail would be simple.
Setting up a mail server (Postfix + DKIM + SPF + DMARC) is enough pain as it is, but once some providers blacklist you randomly, your auth is done.
Also, as others have pointed out, training your users to click random links in emails is a recipe for disaster.
It's not a good idea to introduce a dependency on third parties for your auth. Remember when Google auth dropped for half a day?
Select your use case carefully; for auth there is no golden path.

deimiosxxx

I came across the first site that demanded I now log in this way. I deleted their information from my password manager and I'll never go back there again.

fed-yum

Perfect timing. Need to implement this on a project. Thanks!

TheGarageboyz

But it will give hackers more chance of phishing attacks... with a fake link.

vella

Nice how it removes a level of liability on your end. Even if your site got hacked and the DB dumped, there wouldn't be any password hashes. It would probably generate a lot of customer service emails from users never getting a login email for whatever reason. It would be good to have an SMS backup option that texts them the URL.

MikeDest

That's exactly how Vercel logs you in. Cheers!

sasikantht

There are trade-offs for all forms of MFA. I could just as well argue that SMS MFA is just as secure. Both have the risk of being hacked by a targeted attack. Both are usually under the direct control of the user trying to authenticate as well. There is always a trade-off between security and usability.

chbrules

Two negative points: it's the same as using the same password for a service and your email. If they get into your email, the service is immediately compromised as well. And it's really inconvenient for the user.

borstenpinsel

So the token will be sent in the URL? Or, based on that token, another token will be created that will be sent to the user?

meet

Medium does this with their login. It's great until you are trying to log in to Medium on your work computer to read articles that are relevant for work, and your place of employment blocks Gmail, so you can't get to the link that Medium just sent. "Except for that bit at the end, Mrs Lincoln, how did you enjoy the play?"

GreggObst

That's _ok_, but I still sorta prefer when folks support multi-provider OAuth, e.g. Google, Apple, etc. Then I don't have to create an account *and*, importantly, I _also_ get 2FA (in my case via Google). That 2FA is also more secure than typical SMS/email since it uses an app (ideally it'd be a rolling code or something, but oh well). Then, password-based auth as a failover with Authy/authenticator app 2FA, but I understand not all users are savvy enough to understand how to use/support that.

patricknelson

Much easier to compromise one credential (email) than it is infinite (if you use a password manager), and the UX for going to email is absolutely horrible.

Please STOP doing things because we can; do things because we should.

trollingdirty

Mobile 2-factor is pretty good when you use a cloud phone number.

PostMeridianLyf

What about implementing both? Wouldn't that be even more secure?

JerryNoel

Wouldn't it open a chance for someone to spam a certain email address?

anggoran

It's not good if you want to verify one real person per account, though.

chrtravels

There's a little bit more to it than that, but the basic explanation is ok.

funnyanimalworld

If you do that, the user and the developer have to hide that email, and an email is always easier to find. I don't think that's more secure, because hiding an email is hard; everyone's email is saved somewhere.

haliszekeriyaozkok

A good name would be E2FA (exclusive 2-Factor Authentication).

anasouardini