
Technique G218:Email link authentication

About this Technique

This technique relates to:

This technique applies to technologies that support authentication.

Description

The objective of this technique is to provide an easy way for users to authenticate without needing a password. This technique involves providing an authentication mechanism where the user can enter their email address, and they are sent an email with a link to click. When the user clicks the link in the email, they are directed back to the website and automatically logged in.

Note

The security of the email link mechanism is not the focus of this technique, but it generally involves sending a time limited token as part of the email.
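A minimal implementation of that token mechanism, added here as an illustration and not part of the W3C technique or any project's code: it assumes an in-memory store, a 15-minute expiry, and a `/login/verify?token=` URL layout, all chosen for the example. Tokens are random, stored only as a hash, expire after the TTL, and are consumed on first use.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed policy: a link is valid for 15 minutes


class MagicLinkStore:
    """Pending email-login links, keyed by SHA-256 of the token.

    Only the hash is kept, so a leaked store cannot be turned back into
    working links. The store is in-memory for this example (assumption).
    """

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock          # injectable for testing expiry
        self._pending = {}          # token_hash -> (email, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email):
        """Create a single-use token for `email`; the raw token goes only into the email."""
        token = secrets.token_urlsafe(32)   # 256 bits of entropy, not guessable
        self._pending[self._digest(token)] = (email, self.clock() + self.ttl)
        return token

    def redeem(self, token):
        """Return the email to sign in, or None if unknown, already used, or expired."""
        entry = self._pending.pop(self._digest(token), None)  # pop: one click consumes it
        if entry is None:
            return None
        email, expires_at = entry
        if self.clock() > expires_at:
            return None             # expired tokens are never honoured
        return email


def build_login_url(base_url, token):
    """Assumed URL layout for the link placed in the email."""
    return f"{base_url}/login/verify?token={token}"


def request_login_link(store, email, base_url):
    """Step 1 of the flow: issue a token and build the link to be emailed."""
    return build_login_url(base_url, store.issue(email))
```

In a deployment the URL from `request_login_link` is sent to the address only and never returned in the HTTP response, and the store would be a database with the same hash-and-expire behaviour.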

Examples

Related Resources

No endorsement implied.

Tests

Procedure

For websites which allow users to log in by emailing a link to the email address associated with the account:

  1. Enter a valid email address (with an account on the website) and use the email-link feature.
  2. Check that the email is received.
  3. Check that selecting the link opens the website.
  4. Check that the user account is logged in.
  5. Check that no object recognition test is used as part of the authentication process.

Expected Results

  • #2, #3 and #4 are true.
  • For Accessible Authentication (Enhanced) (Level AAA), #5 is also true.