Auth & identity
June 2, 2022
Author: Stytch Team
Online authentication is continually evolving. Initially, authentication required only a username and password. Today, measures like two-factor authentication via SMS or authenticator applications have become standard practice.
While these methods enhance security, they can be inconvenient due to the number of steps required. Installing an application, accessing a mobile phone to copy and paste a code, and remembering passwords turn what was once a single action into an unnecessarily frustrating user experience.
Fortunately, another means of authentication is gaining popularity: magic links.
Magic links provide frictionless and passwordless authentication to end users without compromising account security. Magic links are typically single-use and expire quickly. Each magic link contains a token that’s used to verify the user. These tokens are embedded in communications sent to a user’s email or phone number, requiring the user to prove they have access to the email or phone account to access the application.
Stytch’s Embeddable Magic Links add even greater function and flexibility. An Embedded Magic Link contains a piece of information attached to the link that can execute an additional action. For example, an email offering a 10 percent discount can embed a magic link that opens the website, logs in the user, and automatically applies the coupon code.
Previously, a secure promotional email would entail providing a general website link and a copyable discount code. The user would then need to log in and manually paste the code. However, an Embeddable Magic Link already contains the secure authentication token and the instructions to apply the coupon code. The customer only needs to click the link. This user experience is frictionless and offers unparalleled ease.
In this article, we’ll explore several uses for Stytch’s Embeddable Magic Links and how they can help your organization meet its business needs in new and creative ways.
A primary example of the power of Embeddable Magic Links is the ability to send “smart” marketing emails and text messages that greatly improve user experience and eliminate friction.
Consider the example mentioned earlier: emailing customers links that automatically log them in and apply a coupon code. A marketing email can feature several product links, each an embedded magic link that brings the customer directly to the product page and automatically applies the discount. Alternatively, SMS messages can contain the same types of links.
Both of these options ease the user experience. A user doesn’t need to remember — or even provide — a username and password to access their account. This makes for one less barrier between a customer and the targeted website. As well, pre-applying the discount code reminds the customer of possible savings and speeds up the checkout process.
By allowing users to make purchases with fewer clicks, the business can boost conversion rates and improve overall user experience.
Currently, the digital banking sector is transforming at a rapid pace. Most customers who use online banking can view their statements, transaction updates, e-transfer notifications, and history using their bank’s website or smartphone app. However, accessing these items typically involves logging in and providing additional security credentials. Moreover, increasingly stringent password requirements make them harder to remember, resulting in countless modes of insecure password storage.
In these scenarios, an Embeddable Magic Link can be instrumental in altering the user experience. With embedded authentication, the user can then log in with magic links sent to the associated email or phone number. The token serves as proof of user authentication without the need for entering complex passwords that have been stored with suboptimal security.
Despite arguments to the contrary, email isn’t yet an obsolete technology. However, the accessibility and flexibility of text messages provide a considerable opportunity for sending timely reminders and notification updates. As you’ve likely experienced, many retail companies and couriers like Amazon, FedEx, and UPS already use text-based services to keep users updated on their items’ delivery status.
However, these SMS messages typically contain basic links. Personalized updates often require users to log in to their accounts before viewing the linked content. More frustrating still is the fact that the login process doesn’t always redirect to where the original link intended. This leaves the user manually navigating through an account or returning to the SMS notification to retry the link.
Embeddable Magic Links can eliminate this hassle. They can immediately bring the customer to the target web page and automatically log them in.
Cart abandonment rates today are over 69%, with mobile abandonment over 85%. An estimated 26% of users will respond to retargeted ads following an abandoned signup flow. But too often these targeted follow-ups will require users to begin the sign up process from the very beginning.
Fortunately, Embeddable Magic Links removes friction from this process by returning users where they left off in the sign up flow, rather than requiring them to start all over. No re-entering of basic fields like name, email, etc. Embeddable Magic Links help customers skip the line, cut through the red tape, and get back to their cart or complete their sign up registration as quickly as possible. This helps you maximize conversions without minimizing security.
Using Embeddable Magic Links doesn’t completely remove multi-factor authentication (MFA) from the security picture. For delicate or sensitive information, you can combine these technologies by first providing the securely authenticated magic links and then using an MFA or one-time password (OTP) solution.
This extra authentication step is especially beneficial when there’s a chance that an email account or cell phone may be compromised. During such scenarios, the extra layer of security is both functional and reinforces to the user that the safety of their personal information is a priority.
As our information security demands evolve to address more sophisticated threats, magic links can provide an intelligent solution for secure authentication without the hassle of multiple login steps. Furthermore, Embeddable Magic Links can elevate your organization’s security protocol to a level of enhancing the user experience and generating more profitable web traffic.
One of the greatest parts of using Embeddable Magic Links is that they don’t have to be a drain on your internal resources. Stytch provides simple and secure passwordless authentication solutions, so that you can stay focused on your core product. To learn more about Stytch’s solutions, check out our documentation and experience Embeddable Magic Links for yourself.