
Big tech going passwordless. Any indie hackers doing the same?

While GitHub is adding 2FA, tech giants are going the other direction and removing passwords. Anybody else doing the same? Nod to @j01b01 for linking me to it.

  1. 3

    This is cool - thanks for sharing.

    I implemented sign-in via email link (using Google Identity Platform), which isn't quite as frictionless as FIDO, but is passwordless as well. AWS Cognito supports this too, and presumably other providers.

    1. 1

      That's awesome. Are your users liking it? Is your product for technical users or non-technical? It seems like technical would be up for that but some non-technical users might be thrown off...

      1. 1

        Too early to know what my users think, but there aren't many downsides.

        As a user, the first time I encountered email link login, I was a bit thrown off. No password? Is my account even protected? But as others have said, with increasing popularity of the mechanism, this ceases to be a problem.

        Google's documentation lists a number of advantages of email sign-in:

        Low friction sign-up and sign-in.

        Lower risk of password reuse across applications, which can undermine security of even well-selected passwords.

        The ability to authenticate a user while also verifying that the user is the legitimate owner of an email address.

        A user only needs an accessible email account to sign in. No ownership of a phone number or social media account is required.

        A user can sign in securely without the need to provide (or remember) a password, which can be cumbersome on a mobile device.

        An existing user who previously signed in with an email identifier (password or federated) can be upgraded to sign in with just the email. For example, a user who has forgotten their password can still sign in without needing to reset their password.

        1. 1

          Nice, thanks for sharing!

  2. 2

    I am. I launched https://superblog.ai without a signup form 'cause I prefer a passwordless approach. Received some flak from a few people, but to date there is only "Login with Google" and "Login via Magic Link".

    1. 1

      How's it working out so far?

      1. 2

        It is going great. Most people love it!

  3. 2

    Yep: We use emails with signin links using Mailersend. We also support OAuth for connecting to people's cloud accounts, but mails seemed like a nice simple solution for our account sign-in.

    Nobody has complained about it yet, so I'm going to assume it works for people. ;)

    1. 1

      Sounds like it, nice!

  4. 2

    Hey! @inmypjs thanks for the mention. Hopefully it's implemented before GitHub's 2FA requirement.

  5. 2

    I think it's a matter of time before this change flows down to smaller companies. Seen this several times: Big companies X, Y, Z do something => smaller companies take notice and do the same.

    This would even be faster for passwordless logins IMO because many people log in to Apple/Google/Microsoft consistently and this will create an "expected way of doing things".

    1. 1

      Totally agree. Probably a good idea to get ahead of the curve!

  6. 2

    Seems like a no-brainer to me

  7. 1

    We're also slowly transitioning to a passwordless solution, although it has some drawbacks for non-technical people because they can be uncomfortable about it, but there is so much room to improve overall security.

  8. 1

    Most people probably reuse the same password on multiple websites, which might not be the smartest choice 😅. So signing up with an email link would prevent that behaviour and you would automatically have verified the user's email as well, which is a nice side-effect.

  9. 1

    I implemented a login via email link on TabWhale, but some users didn't like it. Having to open your email and click a link is not as straightforward as a social or user + password login. Also, it's unconventional, since the majority of sites use other methods.

    But I like it, it's one less password to memorize.

    1. 2

      I think it'll become increasingly normal, then you'll get fewer complaints

  10. 1

    I have implemented passwordless sign-in for my app usewildfire.com using Magic.link and so far, it's going well. I don't have many users to ask whether they like it or not. I implemented it because I loved signing in via email id instead of remembering a password for each site.

    1. 1

      Nice, glad it's working out for ya! Has it had any impact on your numbers — retention, etc.?

      1. 1

        I don't have any idea on that unfortunately because I have been using magic.link from day 1.

        But what I do know (from my logs) is that all my users have signed quite quickly (within just a few seconds).

  11. 1

    How long till it's available for the small fish? 5 years?

    1. 1

      That's a good question. Sounds like a lot of indie hackers are opting for magic links though, so that could help for now.

  12. 1

    It’s a low priority. I have 2FA. I also use identity provider services like aadb2c that manage the login process consistently.

    1. 1

      Why do you use 2FA? Does your product handle very sensitive data?

      1. 1

        Some projects are in healthcare space

  13. 1

    Yep! But I use a simple WP plugin to manage it - it provides an email link to login.

    1. 1

      Nice, what's the plugin?

      1. 1

        It's called passwordless login. I've just started using it, and haven't pushed it to live yet, but so far it has worked perfectly
