Magic-link authentication
Also known as: passwordless auth, magic link
Passwordless login via a unique URL emailed or texted to the user. The link contains a signed token that authenticates without requiring a password.
Magic-link authentication eliminates the password-creation step that loses 30–50% of customers at the front door. Instead of "create an account, choose a password, verify your email," the customer just receives a link in their email or SMS. They tap it. They're in.
For service businesses, magic links are the right pattern for customer-portal access (viewing invoices, paying, seeing visit history) because the relationship is transactional rather than account-based. A customer who hires a service business twice a year doesn't want to maintain another password. The token in the link is signed against the customer's email + the document ID; if they forward the email, the recipient can also access (sometimes a feature — spouses, accountants — sometimes not). Tokens expire after a configurable window. Magic links are unsuitable for high-security contexts (banking, medical) where strong authentication matters; they're well-suited to invoice-and-quote-and-history surfaces where the cost of fraud is bounded.