Passwordless Login
You or your customers having trouble logging in?
What is passwordless login?
Traditional login systems used a username (or email address) and a password. Passwordless login system drop the password in favour of one-time codes which are sent to users at the time of login and are only valid for that login attempt.
What are the advantages of passwordless login?
In short, it's much more secure. When users are asked to create a password for a computer system, they most often reuse simple, memorable passwords that they have used in many system previously. Since most systems get compromised sooner or later, once this password is 'out in the open', it compromises all other systems where it has been used and gives attackers easy access to many of the user's online accounts.
By using passwordless login, and not storing any user passwords, Pakk's users' accounts would not be compromised in the case of a database hack on Pakk, because we do not store any passwords. Furthermore, any compromises of other systems where users had the same password, would also not affect Pakk.
How does passwordless login work?
User goes to login screen
User submits their email address
If this email address matches an existing record on the system, a one-time code, valid for 10 minutes, is sent to the email address
User accesses their email and retrieves the code
Use enters the code in the login screen and gains access to their account
That code is now invalidated and can never be used for login again
Why is the one-time code only valid for 10 minutes?
If the code remained valid indefinitely then if a user's email was hacked at any point, the attacker could use an old one-time login code to gain access to the user's account, even if a significant time had passed.
By expiring codes after 10 minutes, an attacker would need to have hacked a user's email within the exact 10 minute period after the user had requested (and not subsequently used) the code. This massively reduces the attack exposure.
The login email is taking a long time to arrive. What's the problem?
We use the most reliable and fastest email sending infrastructure currently available on the internet to send out login codes. The average delivery time is in the order of a few seconds.
However, this does not mean that the email will pop up in your (or your customer's) inbox within a few seconds (although it might). After the email has been 'delivered' by our system, it then depends on your (or your customer's) email provider infrastacture as to how quickly it will appear in the inbox. We've found that some of the bigger providers can sometimes take a few minutes to actually deliver an email.
Unfortunately, slowness of email service providers isn't something we can do anything about.
The email isn't arriving. What can I do?
First check that the email is being entered correctly, without any typos.
99% of the time the problem will be because the email is being routed to Spam. Check your spam inbox or tell your customer to do that.
No, it's definitely not there. What can I do now?
The ONLY situation that results in non-delivery of an email to you or a customer is if the email address has been 'surpressed' by our email sending infrastructure. This can happen for one of two reasons:
Multiple Hard Bounces
This means that at some point in the past, this email address wasn't working, so the system has stopped trying to send emails to it. In this case, if the email is now back in working order, we CAN unblock it at your request.
Spam Report
If the user of this email address has filed a spam complaint in the past, it will be permanently blocked and there is nothing we can do to unblock it. Unfortunately this email will never be able to receive emails from us.
Last updated