

Over the top auth strategies (Changelog & Friends #78)
10 snips Jan 31, 2025
Dan Moore from FusionAuth shares insights on modern authentication strategies. He discusses innovative methods like magic links, OTPs, and passkeys, exploring their security advantages and user experience challenges. The conversation dives into the balance between usability and security, addressing common issues users face with excessive permissions and password management tools. Dan also highlights the importance of educating users on multi-factor authentication and optimizing password security, making complex tech more accessible for developers.
AI Snips
Magic Links Implementation
- Jerod Santo switched to magic links in 2016 because he realized most users rely on the "forgot password" flow.
- This approach eliminates storing passwords, enhancing security, but introduces friction like email delays.
Corporate Link Checkers
- Dan Moore's company uses JavaScript POST requests for logins to bypass corporate link checkers that expire magic links.
- This method avoids pre-clicking issues with services like Outlook.
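A sketch of the pattern described above, as an added example that is not FusionAuth's code or anything shown in the episode: the emailed link's GET only returns a page, and the one-time token is consumed solely by the POST that page's script sends. The names `issueLink` and `handleRequest`, the 15-minute lifetime and the `app.example` URL are assumptions.

```javascript
// Added example; every name here is hypothetical.
// Web Crypto is global in current Node and browsers; fall back for older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const TTL_MS = 15 * 60 * 1000;   // assumed link lifetime
const pending = new Map();       // token -> { email, expires }

function issueLink(email, now = Date.now()) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const token = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  pending.set(token, { email, expires: now + TTL_MS });
  return token; // mailed as https://app.example/login?token=<token>
}

// Returns { status, body, session? } rather than writing to a socket,
// so the flow can be exercised without a server.
function handleRequest(method, token, now = Date.now()) {
  const entry = pending.get(token);
  if (!entry || entry.expires < now) {
    pending.delete(token);
    return { status: 410, body: 'Link expired or already used' };
  }
  if (method === 'GET') {
    // Safe method: a mail scanner that pre-fetches the URL lands here.
    // The token is NOT consumed; the page's script performs the login.
    return {
      status: 200,
      body: `<script>fetch(location.href, { method: 'POST' })
        .then(() => location.replace('/'))</script>`,
    };
  }
  if (method === 'POST') {
    pending.delete(token); // single use: redeemed exactly once
    return { status: 200, body: 'Signed in', session: entry.email };
  }
  return { status: 405, body: 'Method not allowed' };
}
```

A checker that executes scripts would still trigger the POST; replacing the auto-submitting script with a button the user must click closes that gap at the cost of one more step.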
User-Facing Authentication
- Authentication systems are uniquely user-facing, unlike databases or queues.
- Changes directly impact users, requiring developers to adapt to user preferences.