PASSWORDLESS AUTHENTICATION USING MAGIC LINK TECHNOLOGY

Abstract

Nowadays, the problem of identification and authentication on the Internet is more urgent than ever. There are several reasons for this: on the one hand, there are many Internet services that keep records of users and differentiate their access rights to certain resources; on the other hand, cybercriminals' attacks on web services have become much more frequent lately. At the same time, in many cases, the weak point of systems exposed to attacks is precisely the authentication system. Authentication methods based on the knowledge factor (e. g. password protection) are the most common and are applied almost everywhere. Their advantages are ease and low cost of implementation. On the other hand, such systems are often vulnerable to various kinds of attacks. It is estimated that up to 80% of successful hacker attacks (including attacks on the largest services with millions of users) succeeded precisely because of the weakness of the password protection system. This paper presents a solution to the problem of passwordless authentication, which can be applied in a number of online services and systems. In particular, we consider the magic link technology and present an authentication system implemented using Keycloak, an open-source software product that implements single sign-on technology. In the future, it is possible to further improve the system, in particular, using adaptive authentication, which allows switching between different authentication mechanisms depending on certain factors.