Secure Passwordless Authentication with Magic Link or OTP via LoginRadius

1. DATA SHEET Passwordless Login with Magic Link or OTP One-click solution for your consumers’ fast-paced authentication needs! In the present era, increased consumer engagement and enhanced security are critical for all businesses having a digital presence. Passwordless Authentication fits into this picture entirely when businesses want to: • Reduce friction during the registration and login processes. • Increase consumer engagement using convenient authentication methods. • Enhance consumer account security by making it harder to compromise. One such passwordless authentication feature is Login with Magic Link or OTP.

2. What is Passwordless Login with Magic Link or OTP and how it works Against the obligation of standard registration and login process to first create and then access the account, this feature creates the consumers’ accounts and log them into the application in a single step. From the 2nd login and onwards, this feature acts as the login option. The step by step process of Passwordless Login with Magic Link or OTP for a new or existing consumer: 1. The consumer enters the Email Address or Phone Number. 2. The consumer receives a magic link (on email) or OTP (on phone number). 3. The consumer clicks the magic link or enters the OTP. a. LoginRadius creates an account (if it doesn’t exist for the entered email address or phone number), and the consumer automatically logs into the account. OR b. Consumer logs into the account automatically (if the account already exists). © LoginRadius Inc. | Confidential Information 2

3. Features LoginRadius Offers • Log in with Magic Link: Your consumer can log in directly by clicking the link received in the email. This email address does not have to be pre-registered on your application. Thus, the login flow will always remain the same whether the user is an existing consumer or new. • Login with OTP: Your consumer can log into the application directly by entering the OTP received on their phone number. This phone number does not have to be pre-registered on your application. Thus, the login flow will always remain the same whether the user is an existing consumer or new. • Magic Link and OTP Settings: You can configure email or SMS settings as per your business requirements and independently for the magic link and OTP from the LoginRadius Admin Console: • Request Limit: The maximum number of times a consumer can request a magic link or OTP within a limited time. For example, over 10 minutes, the consumer can request the OTP maximum of 3 times. • Disable Duration: The duration for which the magic link or OTP request remains disable if the consumer exceeded the defined request limit. For example, the consumer cannot request for a magic link or OTP for the next 30 minutes if 3 requests have been made already within 10 minutes. • Token Expiry: The duration for which the magic link or OTP will remain active. For example, suppose the token expiry time is 3 minutes. In that case, the not used magic link or OTP will automatically expire after 3 minutes, and the consumer will need to request another magic link or OTP to complete the login. © LoginRadius Inc. | Confidential Information 3

4. • Email and SMS Templates: YYou can configure and personalize the content of email and SMS templates that your consumer will receive during the login. These configurations are independent for email and SMS in the LoginRadius Admin Console: • Add Template: You can add new email and SMS templates. Generally, these are to support various authentication-related events; however, you can also use them for multilingual or other personalization use cases. • Edit Template: You can edit the content of the existing email and SMS templates. • Delete Template: You can delete an added template if it is no longer in use. • Send Test Email or SMS: After configuring the email or SMS provider, you can try to send a test email or SMS to verify the configurations. © LoginRadius Inc. | Confidential Information 4

5. Implementation and Deployment Methods LoginRadius supports various implementation and deployment methods, and you can choose the one as per your requirements. • Identity Experience Framework (IDX): After completing the configurations, you can directly use the pre-designed Passwordless Login with Magic Link or OTP page in your application using the Identity Experience Framework of LoginRadius. Based on your requirements, you can also modify the design and script of this web page. LoginRadius Identity Experience Framework is JavaScript and CSS driven. • JavaScript: You can generate embedded Passwordless Login with Magic Link or OTP page using the LoginRadius JavaScript Libraries. Based on your requirements, you can manage the login event and button name, customize the page’s look and feel, and handle success and error cases. • SDK and APIs: You can use the entirely open-source web and mobile SDKs (available in various programming languages) to build off and modify the code to serve your unique requirements. Similarly, we provide various APIs to support the desired extensive flow of features and custom use cases for your businesses. © LoginRadius Inc. | Confidential Information 5

6. How it’s beneficial for businesses • Streamlined User Experience: Registration and login actions are performed in a single step, which reduces friction for consumers. Also, consumers do not need to create or remember a password to access their accounts. • Consumer Familiarity: This authentication method is trendy, and most of the consumers are aware of the flow (popular applications like Medium, Slack, and Facebook are using this authentication method). Thus, you do not need to worry about making them familiar with the process. • Enhanced Account Security: Magic link or OTP is dynamically generated and sent over the email or phone number on request. Thus the common account takeover methods involving passwords are easily sidelined, and the consumer gets enhanced account security. • Improved Adaptive Security: The presence of failed Login attempts tracking, Magic Link expiry time, and OTP expiry time allow you to take the adaptive security measures for the consumers, which includes disabling their access for a limited time or sending them a notification about the attempts. © LoginRadius Inc. | Confidential Information 6

7. Use Cases This authentication method supports various use cases ranging from basic to enterprises. Here are a few sample use cases: • A viewer is participating in the online voting for contestants of the entertainment industry. • A traveler is accessing their accounts or onboarding facilities both at airports and holiday spots. • A reader is getting access to read a blog or post comments. • A user is accessing music or video streaming accounts. The above-mentioned use cases require a quick and easy to use login method for consumers. The Passwordless Login with Magic Link or OTP serves this purpose by eliminating the need to create and remember passwords and combining registration and login in one step for the new users. © LoginRadius Inc. | Confidential Information 7

8. Conclusion Passwordless Login with Magic Link or OTP has known benefits for the consumers and businesses, lowering the registration and login processes’ efforts and enhancing the user experience and account security. Contact Us: sales@loginradius.com LoginRadius is a leading provider of cloud-based Customer Identity and Access Management solutions for mid-to-large sized companies. The LoginRadius solution serves over 3,000 businesses with a monthly reach of over 1 billion users worldwide. ©Copyright, LoginRadius Inc. All Rights Reserved.