22Şub
One time password as passwordless authentication [duplicate]
When logging in to azure the login process emails me a short one time code to use and doesn't require a password. I am assuming it is a well trusted process in order to be used on such critical infrastructure, but I am not familiar with that pattern. What would you call it? Are there any special security considerations there?
It seems like it isn't quite a magic link/passwordless login as it uses a short code. It seems to be using more of a one time password type of generation but emailing the code rather than depending on an external app, and completely doing away with the password at all? Does that sound right? I'd like to make sure I understand as we would love to implement a similar pattern.
