Ask A Question


You’re not receiving notifications from this thread.

Magic Link Authentication with generates_token_for in Rails 7.1 Discussion

is magic link login considered secure ?
can it be used for a production website reliably ?


As long as the tokens expire, are one-time use, and the user's email isn't compromised it should be fine. You'll still want to support 2FA through another mechanism for more security.

I much prefer email/password login so I can use a password manager.

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 78,890+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more.

    © 2023 GoRails, LLC. All rights reserved.