FastComments.com

Menu Icon

Background

What are Login Links?
Benefits of Login Links Over Passwords

Security

How We Ensure The Security of Login Links

Usage

Who Gets Sent Login Links?

FastComments aims to make its user experience as straight forward as possible.

Login Links are one of many mechanisms we used to achieve this goal.

As of late 2023 FastComments also supports traditional password-based authentication.

Login Links, also commonly called Magic Links, are links where, upon accessing, give you access to some set of information. In the case of FastComments, these links are used for authentication.

They are commonly called "Magic Links" since it seems like magic - you click a link in your email, and you are automatically, and securely, logged in.

The first and foremost benefit to Login Links is decreased friction.

For Commenters

Users commenting on your website can create an account quicker, since they do not have to provide a password. If you have the email input field configured to show when commenting, and the user provides an email, we will automatically create an account and send them a welcome email.

Note! It may be required by your jurisdiction to let the user know that their email is shared with a third party. At a minimum, cover this in your privacy policy.

Other benefits are that for some events, we can send the commenter a link to take action, which automatically authenticates them.

For Tenant Admins & Moderators

The benefits for tenant admins and moderators are very similar to commenters, including reduced friction when signing up for FastComments and adding users to your tenant. Additionally, for those not using a password manager - it is one less thing to remember.

For notifications and emails that require action, like:

  • Tenant Digest
  • Comment Notifications

The links in these emails are temporary magic links.

Since the login links are essentially passwords, we take the security very seriously.

All login links in our system are set to expire after a certain period of time, and we also have mechanisms in place to detect the guessing of a login link. Some login links are split into multiple passwords, and if one is guessed, the other will be invalidated.

Security Compared to Passwords

With most systems that require a password, you can go through a Forgot Password mechanism if you have the user's email. This means, if you have access to the user's email account, it does not matter if the system under attack uses passwords or magic links.

Security Compared to MFA

Login Links are less secure than MFA, however this is something we aim to offer in the future for admin accounts.

All FastComments users have the potential to be sent login links. These only authenticate to the scope that the user has access to. If the user is a commenter, they will never be granted admin permissions from a login link.

Additionally, admins can send any tenant user a new login link from the users page.

In Conclusion

You've reached the end of our Login Link documentation. If you feel like we've missed something, let us know below.

Contribute to This Guide