Feature:
Completely Passwordless Auth with WebAuthN, SMS and Email
Description:
The ability to go completely passwordless using WebAuthN, SMS or Email.
There would be two auth flow options:
Biometrics
User enters email/mobile number
User receives MFA code to email/phone number
User enrols device for Biometric auth (WebAuthN)
User is authenticated
Magic link
User enters email/mobile number
User receives MFA code to email/phone number
User receives auth link to email/phone number
User visits link and is authenticated
Use-case:
My company are building a crypto wallet and security is the biggest concern. Passwords are not safe and reliable forms of authentication. The ability to go completely passwordless would ensure a higher level of security for our app and customers.
I just found out the New Universal Login Experience doesn’t support Passwordless SMS and Email features. This is a major downside to the product. I would like to have an authentication flow that is completely passwordless.
Hi Dan, our company requires this feature too. - Universal Login Experience doesn’t support Passwordless SMS. Could you please update us when this feature will be on your roadmap.
Latest Auth0 roadmap says Q1 2023 (Feb-April) includes “Passwordless flows for Univeral Login”. We’ve been waiting a long time for this, and are super keen to use it in Universal login. (Early access would be great Auth0 team! Note: we’re also an enterprise customer).
Also in Auth0’s Q1 roadmap is “FIDO passkey - Beta”. Given PassKeys is now supported in Apple’s iOS16/MacOS Ventura, and coming soon to Microsoft Windows/Edge and Google’s Android/Chrome, this can’t come soon enough!
@dan.woda having turned on the newly-supported email+passwordless option now available in the naive Universal login flow (), we couldn’t understand why WebAuthn wasn’t working, in exacty the same way it would for email+password – especially as Auth0’s own UI shows that password or passwordless 1FA enjoys the same logic flow (as would be expected).
Surprisingly, WebAuthn simply doesn’t work for 1FA with email passwordless activated. Auth0 team, will this be fixed soon? (We’re especially looking forward to the forthcoming PassKeys support, but unless WebAuthn is fixed for passwordless, I suspect this will also not work).
), we couldn’t understand why WebAuthn wasn’t working, in exacty the same way it would for email+password – especially as Auth0’s own UI shows that password or passwordless 1FA enjoys the same logic flow (as would be expected).