Auth0 has a passwordless login service among others. Could Bubble implement a plugin for Auth0? Or maybe it would be easier to implement a duplicate service in Bubble. @Emanuel I think this would be a great addition to Bubble either way.
We’ve looked into it, it’s unfortunately not straightforward as they don’t package this is a traditional OAuth2 service. Not easy to add.
Too bad. What about just adding your own passwordless option since Bubble already has its own user authorization/login
That’s the kind of things we can look at on a sponsored basis. That’s not a small project unfortunately.
Awhile back I wrote about how to create a password-less account system, you can check it out here. I can’t really recommend that approach anymore, but it can get you in the right direction. Will be releasing a new approach when I can and hopefully not a long as the previous article.
For what reasons can’t you recommend it @ryan?
From what I understand and have tested, it is still a safe* option to go with. However, we are essentially pushing back the password and email login to the email provider, so we can’t be sure about how safe it is on their side. However, if the method is followed right, it does as much as possible to prevent vulneriabilities. The reason I can’t fully recommend that method it becaue there is a much simpler method, many of the steps are redundant.
* with in reason.
Great article Ryan, I am going to try out your method. For my case if someone is able to break in they get nothing of great value and someone who reuses pass words won’t be storing them in my app. That eliminates the main vulnerability.I will report how it works out.
Thanks for clarifying @ryan. Aha, an updated method.
My programmatical knowledge of password security is not at expert level, but social engineering is most likely the easiest way to get hold of specific passwords for any given user. In my book, traditional passwords need to go fastest possible. They are bad on many levels considering the many hundreds of services everyone uses today. It’s not viable any longer if you want to follow updated standards (long unique alpha numerical special character passwords).
I hacked together what I think is a passwordless authentication system in Bubble. What do you think? Passwordless authentication
@emmanuel Is this sort of thing still off the table unless sponsor supported? It seems like something more of an evolution in authentication standards rather than a “nice to have”, nowadays.