Feature request: Completely Passwordless Auth with WebAuthN, SMS and Email

sukh · March 14, 2022, 11:17am

Feature:
Completely Passwordless Auth with WebAuthN, SMS and Email

Description:
The ability to go completely passwordless using WebAuthN, SMS or Email.
There would be two auth flow options:

Biometrics

User enters email/mobile number
User receives MFA code to email/phone number
User enrols device for Biometric auth (WebAuthN)
User is authenticated

Magic link

User enters email/mobile number
User receives MFA code to email/phone number
User receives auth link to email/phone number
User visits link and is authenticated

Use-case:
My company are building a crypto wallet and security is the biggest concern. Passwords are not safe and reliable forms of authentication. The ability to go completely passwordless would ensure a higher level of security for our app and customers.

I just found out the New Universal Login Experience doesn’t support Passwordless SMS and Email features. This is a major downside to the product. I would like to have an authentication flow that is completely passwordless.

dan.woda · March 14, 2022, 7:53pm

Thanks for the feedback!

shreyas.purohit · April 28, 2022, 11:35pm

Hi Dan, our company requires this feature too. - Universal Login Experience doesn’t support Passwordless SMS. Could you please update us when this feature will be on your roadmap.

dan.woda · April 29, 2022, 2:24pm

Hi @shreyas.purohit,

We are expecting it towards Q4 this year, but it is possible that timeline could change.

evp · July 15, 2022, 6:54pm

@dan.woda Is this still on track for Q4?

dan.woda · July 18, 2022, 3:35pm

@evp,

It looks like the target has been pushed to Q1. As I mentioned, it’s still possible this target could change.

adam.ard · September 14, 2022, 2:47pm

Is there any roadmap we can subscribe to for updates on this?

dan.woda · September 14, 2022, 3:47pm

@adam.ard

This is the best place to find updates on this item.

Thanks

dco888 · September 17, 2022, 1:47am

Latest Auth0 roadmap says Q1 2023 (Feb-April) includes “Passwordless flows for Univeral Login”. We’ve been waiting a long time for this, and are super keen to use it in Universal login. (Early access would be great Auth0 team! Note: we’re also an enterprise customer).

Also in Auth0’s Q1 roadmap is “FIDO passkey - Beta”. Given PassKeys is now supported in Apple’s iOS16/MacOS Ventura, and coming soon to Microsoft Windows/Edge and Google’s Android/Chrome, this can’t come soon enough!

dco888 · March 22, 2023, 11:52pm

@dan.woda having turned on the newly-supported email+passwordless option now available in the naive Universal login flow (), we couldn’t understand why WebAuthn wasn’t working, in exacty the same way it would for email+password – especially as Auth0’s own UI shows that password or passwordless 1FA enjoys the same logic flow (as would be expected).

Surprisingly, WebAuthn simply doesn’t work for 1FA with email passwordless activated. Auth0 team, will this be fixed soon? (We’re especially looking forward to the forthcoming PassKeys support, but unless WebAuthn is fixed for passwordless, I suspect this will also not work).