Passwordless Login Questions
-
Hi,
When using the hosted Passwordless login pages, is it possible to prepopulate the email address from something passed via the state parameter?
The only reason I want to do this is because I want to check if a user exists in an old system before attempting the sign in.
What is the recommended way of performing account recovery when using passwordless login only?
Regards
Alan -
@alan-rutter When it comes to account recovery in a passwordless login system, the most recommended method is to use a self-service approach. This means allowing users to recover their accounts themselves, which not only saves administrative costs but also saves the user's time. The simplest form of account recovery, and the one most amenable to automation, is a “forgot password” flow. This should be part of any Customer Identity and Access Management (CIAM) system.
In the context of passwordless authentication, this could involve sending a one-time code or a magic link to the user's registered email or phone number. The user can then use this code or link to authenticate themselves and regain access to their account. This method is secure and user-friendly, as it does not require the user to remember any passwords.
For more information, you can refer to these articles on account recovery and passwordless authentication.