Zephr includes a feature allowing end-users to register and login to your site, via Zephr, without the need to enter a password.
This process works through the use of email verification and is called Passwordless Authentication. Users logging into your site will enter their email address, and an email with an access link will be sent including a link to redirect users to your website and log them in.
The tokens generated for this access link are for single use only. If a user tries to use the link for a second time, they will receive an error and Zephr will not log them in. When configuring this feature, you can also choose how long a token is valid. If a user clicks on the link outside the token validity, they will not be logged in and will need to complete the process again.
Configuring Passwordless Authentication
To allow Users to login via email, first head to Identity > Settings.
Once here, scroll to Authentication, and tick Require Email Verification.
Below, enter the message you want Users to see on screen after they submit their email, telling them to expect an email with a link in it for login, then set the Authentication Link Timeout (Hours). This field determines how long a login link will be valid for once sent.
Click Save, then navigate to the Feature where you wish to display a Passwordless Registration and Login Form. Create or edit an existing Registration Form and select Use Passwordless Authentication under the Form Details section.
Once this is saved, link the relevant registration form to your Feature, and publish as usual. You users will now be able to Register and Log In without setting a password.
If you choose to turn this off, users will need to click ‘Reset Password’ the next time they log in, in order to set a password and continue accessing your site.