{"id":293,"date":"2021-03-04T09:17:23","date_gmt":"2021-03-04T09:17:23","guid":{"rendered":"https:\/\/blog.spike.sh\/2021\/03\/04\/why-we-went-passwordless\/"},"modified":"2025-06-07T10:49:24","modified_gmt":"2025-06-07T05:19:24","slug":"why-we-went-passwordless","status":"publish","type":"post","link":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/","title":{"rendered":"Why We Went Passwordless on Our New Product"},"content":{"rendered":"\n\n\n<p class=\"wp-block-paragraph\">Passwords are dying. The cost of creating and maintaining passwords is becoming untenable. Which can be seen in the rise of users logging in with social products and developers outsourcing their pain to Auth0 and the likes. We decided to sidestep the password based authentication and went passwordless on our new product. Read on to see how you can go passwordless too.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-cost-of-passwords\">The cost of passwords<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Passwords create too much friction for users. It\u2019s becoming difficult to come up with passwords that satisfy the ever growing password strength requirements &#8211; minimum 9 characters, 1 number, 1 upper case, 1 special character etc. And with the rise of data breaches where hackers steal and sell password data on the internet, passwords are only really effective when you don\u2019t repeat them across different services. Which means you have to remember unique passwords or use a password manager.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Passwords are even more painful for developers to build and maintain. Imagine the work &#8211; 4 forms (signup, login, reset password, send forgot password link), storing passwords securely, managing email service providers for deliverability and spam scores. All this work just for the auth, which is not your core product and not what users come to you for. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"magic-links-the-solution-to-the-password-problem\">Magic links, the solution to the password problem<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">An elegant solution to this mess is authenticating users using magic links sent on email. We all use email anyway as a core part of our online identity and authentication. So instead of logging in with email and password, you enter your email and get a login link sent to you. You might have seen Slack do this.<\/p>\n\n\n\n<figure class=\"wp-block-image kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/2Yx1vwl0CygQi3k1aT9iKXiAETGQmsfaNuE2uA4-KsTWrGKN-WjwAGQv_XwPOpv3zainHdNZ29jbxiJYBIbVo-iKPAE9BMHIkVlKZQgVFzJK0dxaoaoJmQ6a-k5UuKDmNecYiqZY\" alt=\"Slack popularised magic links for logging in\"\/><figcaption class=\"wp-element-caption\">Slack popularised magic links for logging in<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-we-went-passwordless-with-magic-link\">How we went passwordless with magic link<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When we were building our new product, we didn\u2019t want to spend time building full blown password auth, so we decided on using magic links. And although the work involved building a magic link system is less than traditional auth, it is still valuable developer time spent on non-core plumbing. After some research, we found <a href=\"https:\/\/magic.link\">Magic<\/a> which provides magic links as a service. We loved the focus on security (the founders have built a security product in the past), the good design and the developer friendly docs. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The implementation involves a client SDK (for web and mobile) for showing the Magic overlay (screenshots below) and server code for managing sessions. We used the sample code provided to implement this. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-user-experience-of-magic-links\">The user experience of magic links<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Login form<\/p>\n\n\n\n<figure class=\"wp-block-image kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/87Sh7Be5B83QExzyE2bF12OGsrTom6Lpw-haLYteMvUUaoFyZbe9FLozGgE1bcMgB7x0NyTThb0fj-uqwanGADb3OpA9x5srYvNqVGlKSvPoy9XvYR4xjDwEcKNKInFDNC8JUAqD\" alt=\"Incident timer - Sign up and Log in form\"\/><figcaption class=\"wp-element-caption\">Sign up and Log in form<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Email<\/p>\n\n\n\n<figure class=\"wp-block-image kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/EtAzDiIBqb7SpaSTW6W3qRB5J7E7uq-ThWLXWPczkdIKIXXbhRK74OlQkFMrcTIkWXI5YJC7blPMl5qblW4wF5mM_JpFOicTIXy_rr0R9Ijn0dsSJv4O-a0xfFBJRs38F0MYlxfk\" alt=\"Incident timer - Magic link email\"\/><figcaption class=\"wp-element-caption\">Magic link email<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">You can try out the experience for yourself on our new product. It\u2019s a free timer for developers to keep track of major software incidents, built by the team who also built the simple <a href=\"https:\/\/spike.sh\">incident alerting<\/a> product for developers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After using magic links as a developer and as a user, I loved the experience. There are still some hiccups as with any new technology, but overall this looks like the future. And I am quite excited to watch it unfold!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Passwords are dying. The cost of creating and maintaining passwords is becoming untenable. Which can be seen in the rise of users logging in with social products and developers outsourcing their pain to Auth0 and the likes. We decided to sidestep the password based authentication and went passwordless on our new product. Read on to [&hellip;]<\/p>\n","protected":false},"author":263547074,"featured_media":932,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_wpcom_ai_launchpad_first_post":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"{title}\n\n{excerpt}\n\n{url}","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"jetpack_post_was_ever_published":false},"categories":[1424],"tags":[],"class_list":["post-293","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-building-spike"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why We Went Passwordless on Our New Product<\/title>\n<meta name=\"description\" content=\"Discover why Spike went passwordless\u2014see how magic links improve security, reduce friction, and simplify authentication for users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.spike.sh\/why-we-went-passwordless\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why We Went Passwordless on Our New Product\" \/>\n<meta property=\"og:description\" content=\"Discover why Spike went passwordless\u2014see how magic links improve security, reduce friction, and simplify authentication for users.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.spike.sh\/why-we-went-passwordless\/\" \/>\n<meta property=\"og:site_name\" content=\"Welcome to Spike.\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-04T09:17:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-07T05:19:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Pruthvi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pruthvi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/\"},\"author\":{\"name\":\"Pruthvi\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#\\\/schema\\\/person\\\/2c9fa677c459b8f4fb26f1a02b90b5ec\"},\"headline\":\"Why We Went Passwordless on Our New Product\",\"datePublished\":\"2021-03-04T09:17:23+00:00\",\"dateModified\":\"2025-06-07T05:19:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/\"},\"wordCount\":534,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/cover-5.png\",\"articleSection\":[\"Building Spike\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/\",\"url\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/\",\"name\":\"Why We Went Passwordless on Our New Product\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/cover-5.png\",\"datePublished\":\"2021-03-04T09:17:23+00:00\",\"dateModified\":\"2025-06-07T05:19:24+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#\\\/schema\\\/person\\\/2c9fa677c459b8f4fb26f1a02b90b5ec\"},\"description\":\"Discover why Spike went passwordless\u2014see how magic links improve security, reduce friction, and simplify authentication for users.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/cover-5.png\",\"contentUrl\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/cover-5.png\",\"width\":2400,\"height\":960},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/why-we-went-passwordless\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.spike.sh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why We Went Passwordless on Our New Product\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#website\",\"url\":\"https:\\\/\\\/blog.spike.sh\\\/\",\"name\":\"Welcome to Spike.\",\"description\":\"In this space, our team talks about all things incidents, response, oncall, and share our journey of building Spike.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.spike.sh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#\\\/schema\\\/person\\\/2c9fa677c459b8f4fb26f1a02b90b5ec\",\"name\":\"Pruthvi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e9476164464b4c9fb3455f2ee4879aad90f1790dce018e71caeaca2cbd548637?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e9476164464b4c9fb3455f2ee4879aad90f1790dce018e71caeaca2cbd548637?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e9476164464b4c9fb3455f2ee4879aad90f1790dce018e71caeaca2cbd548637?s=96&d=robohash&r=g\",\"caption\":\"Pruthvi\"},\"url\":\"https:\\\/\\\/blog.spike.sh\\\/author\\\/pruthvi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why We Went Passwordless on Our New Product","description":"Discover why Spike went passwordless\u2014see how magic links improve security, reduce friction, and simplify authentication for users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/","og_locale":"en_GB","og_type":"article","og_title":"Why We Went Passwordless on Our New Product","og_description":"Discover why Spike went passwordless\u2014see how magic links improve security, reduce friction, and simplify authentication for users.","og_url":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/","og_site_name":"Welcome to Spike.","article_published_time":"2021-03-04T09:17:23+00:00","article_modified_time":"2025-06-07T05:19:24+00:00","og_image":[{"width":2400,"height":960,"url":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png","type":"image\/png"}],"author":"Pruthvi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Pruthvi","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#article","isPartOf":{"@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/"},"author":{"name":"Pruthvi","@id":"https:\/\/blog.spike.sh\/#\/schema\/person\/2c9fa677c459b8f4fb26f1a02b90b5ec"},"headline":"Why We Went Passwordless on Our New Product","datePublished":"2021-03-04T09:17:23+00:00","dateModified":"2025-06-07T05:19:24+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/"},"wordCount":534,"commentCount":0,"image":{"@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png","articleSection":["Building Spike"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.spike.sh\/why-we-went-passwordless\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/","url":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/","name":"Why We Went Passwordless on Our New Product","isPartOf":{"@id":"https:\/\/blog.spike.sh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#primaryimage"},"image":{"@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png","datePublished":"2021-03-04T09:17:23+00:00","dateModified":"2025-06-07T05:19:24+00:00","author":{"@id":"https:\/\/blog.spike.sh\/#\/schema\/person\/2c9fa677c459b8f4fb26f1a02b90b5ec"},"description":"Discover why Spike went passwordless\u2014see how magic links improve security, reduce friction, and simplify authentication for users.","breadcrumb":{"@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.spike.sh\/why-we-went-passwordless\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#primaryimage","url":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png","contentUrl":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png","width":2400,"height":960},{"@type":"BreadcrumbList","@id":"https:\/\/blog.spike.sh\/why-we-went-passwordless\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.spike.sh\/"},{"@type":"ListItem","position":2,"name":"Why We Went Passwordless on Our New Product"}]},{"@type":"WebSite","@id":"https:\/\/blog.spike.sh\/#website","url":"https:\/\/blog.spike.sh\/","name":"Welcome to Spike.","description":"In this space, our team talks about all things incidents, response, oncall, and share our journey of building Spike.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.spike.sh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/blog.spike.sh\/#\/schema\/person\/2c9fa677c459b8f4fb26f1a02b90b5ec","name":"Pruthvi","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/e9476164464b4c9fb3455f2ee4879aad90f1790dce018e71caeaca2cbd548637?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9476164464b4c9fb3455f2ee4879aad90f1790dce018e71caeaca2cbd548637?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9476164464b4c9fb3455f2ee4879aad90f1790dce018e71caeaca2cbd548637?s=96&d=robohash&r=g","caption":"Pruthvi"},"url":"https:\/\/blog.spike.sh\/author\/pruthvi\/"}]}},"modified_by":"Sreekar","jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2021\/03\/cover-5.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfMe4Q-4J","_links":{"self":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts\/293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/users\/263547074"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/comments?post=293"}],"version-history":[{"count":3,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts\/293\/revisions"}],"predecessor-version":[{"id":1823,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts\/293\/revisions\/1823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/media\/932"}],"wp:attachment":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/media?parent=293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/categories?post=293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/tags?post=293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}