Comment by SgtBastard
1 year ago
As with sibling comment, what threat vector do you see phishing risk with?
A race condition where the phishing email lands first, user clicks link to g00gle.com, gets a convincing message that they also need to present username and password?
See response to sibling
Thank you - as sibling also mentioned, what you're describing isn't a magic link but a standard TOTP/HOTP delivered via email which absolutely is phishable in the manner you described.
Magic link is a process where you enter your email address and the service sends you an email that contains a clickable hyperlink that contains a cryptographically strong, short-lived nonce in the URI that is used as a proof-of-possession factor (the email account) to authenticate users.
See third cousin
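The magic-link flow described in the comment above, as an added Python example that is not from the thread or any commenter: the server issues a random single-use nonce inside a URL and accepts it back only once and only before it expires. The class name, URL path, `app.example` host and 10-minute lifetime are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed lifetime; the comment only says "short-lived"


class MagicLinkStore:
    """In-memory stand-in for a server-side table of pending sign-ins."""

    def __init__(self, base_url, now=time.time):
        self.base_url = base_url
        self.now = now        # injectable clock so expiry can be exercised
        self._pending = {}    # sha256(nonce) -> (email, expires_at)

    def issue(self, email):
        """Return the URL to e-mail to `email` (hypothetical /login/verify path)."""
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(nonce.encode()).hexdigest()
        # Store only the hash, so a leaked table cannot be replayed as links.
        self._pending[digest] = (email, self.now() + TOKEN_TTL_SECONDS)
        return f"{self.base_url}/login/verify?token={nonce}"

    def redeem(self, nonce):
        """Return the address the nonce proves possession of, else None."""
        digest = hashlib.sha256(nonce.encode()).hexdigest()
        # pop() makes the nonce single-use, even when it has already expired.
        record = self._pending.pop(digest, None)
        if record is None:
            return None
        email, expires_at = record
        if self.now() > expires_at:
            return None
        return email


if __name__ == "__main__":
    store = MagicLinkStore("https://app.example")  # constructed host
    link = store.issue("alice@example.com")        # constructed address
    token = link.split("token=", 1)[1]
    print(store.redeem(token))  # first use succeeds
    print(store.redeem(token))  # replay of the same link is rejected
```

The user types nothing but an e-mail address here; the only secret is the nonce, and it is spent on first use.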