Magic

@danielque Thanks Daniel! Hahah that's such a throwback, they are definitely ahead of the curve! Lots of great shifts in user behavior have been happening, as well as improvements to identity tech. The world of auth is about to get interesting again! ✨

@morgan_leblanc Thanks so much! The default user security is actually based on their email security, so that it's really easy for users to get started with any application! But we are in the process of building out email hack protection (location, network etc.), as well as other form-factors of login such as WebAuthn and mobile authenticator app for users with higher level of security requirements! The cool thing with using decentralized identity (DID) is that developers only need to deal with DID tokens signed by keys on the backend, and the front-end key management form-factor can be very flexible without having to change the backend code!

@morgan_leblanc I thoroughly get the tech and kudos on the whitepaper. What I meant is that this is a great effort towards solving the real problem of e-ID. Got it, but not without a major impediment against it as well. It would be great for developers and platforms, set us all up towards what anyone on the industry knows we should move to. Let me call this Side 1 (platforms, systems, developers, products and services). However.. when we think of Side 2 (the users themselves) there's a huge hurdle. The pitch I heard though was "hey users, replace your passwords with magic links because it's better". To the user on Side 2, things would be a lot simpler and faster, sure. However, they would also be anything except safer nor better than the status quo when the main source of truth/access is the good old munted-mongered phishing-full email. Why not pair it with a reliable messenger to start for example, as I mentioned above? If anything, it's a dead-certain pseudo exit strategy where you'd have most of them begging for a "use X app and forget about passwords". Sophisticating the solution even more, like I also mentioned, why not biometrics and personal devices - moving away from the old and clunky IxD and all its interfaces that we know should change in the future anyway? If you're opened to a piece of advice from somebody who truly loves the concept - apart from hating the crying shame of it as soon as I read "email" - here it goes: I would strongly recommend thinking about graduating the product, instead of the user. Avoid the complication of anybody who's been phished or hacked asking you "how was this better than my old password manager" altogether. The only possible answer you'd have is "Your email mate. Your responsibility" and those are the final words anybody hears before their great unchecked ideas go to die. :) Not tomorrow. Not next. Before anything. Now. That would be new and different. That would also show that you also care about the user, sometimes not so knowledgeable, and not only about the product developer. All the very best luck with the project. It can really become.. magic. ;)

@jehunter5811 Thanks Justin!! The pricing model will actually be quite similar to the Fortmatic pricing model. We are finalizing the details and eventually the goal is to fold Fortmatic whitelabel SDK users into Magic, and the free base plan is going to also be in Magic!

@chris_lu Thanks so much Chris! With all the recent advancements in cloud infrastructure, identity, and crypto, the pieces are starting the connect, the antiquated auth and identity space is going to get super interesting very soon!

@coderberry Thank you so much Eric!! Simplicity will be our focus - we'll carefully and gradually introduce more amazing web 3 features to web 2 in a super accessible way!

@sunghong_sch Thanks!

@duncan_cock_foster1 That's a very good question Duncan! We designed Magic to be able to integrate seamlessly with existing applications too and not just for new projects. You should be able to plug Magic into your existing session management (if there's any) and get rid of passwords by only requiring user magic links. You can take a look at the following tutorials for how that can be done: Express + PassportJS: https://docs.magic.link/tutorial... Firebase Auth: https://docs.magic.link/tutorial...

@_seanli can it work along side passwords? for example, could we present users with the ability to log in with a password, and then also use magic if they would like to do so?

@_seanli @duncan_cock_foster1 I think the technical answer to that is yes, but passwords come with very serious security, privacy, and financial risk hazards for your users due to the risk of password database theft. I've covered this topic in depth in many other places so I won't go too deep here, but the short version is there is no really safe way to store passwords, even hashed, salted, peppered passwords, and most users reuse the same passwords on multiple sites. That means providing a password option on your site could be endangering your user's bank account, or medical records, or identity, and that could open you up to liability you don't want. Passwords are obsolete.