Using An Email Magic Link Solely For Logins For Student Organization Website

Dear Bitwarden Developers,

I am responsible for developing our school's login system, and am having trouble convincing members to stick with the password login system I am proposing.

In our password login system, no "Forgot Password" email recovery link is ever sent. Either the user remembers their original password or they will have to type in a Recovery Password in case they get locked out of their account. I was inspired to use this technique for recovery passwords by Tutanota's login system (https://tutanota.com).

But when I proposed this solution to the development team, our student organization's president admitted that neither he nor anyone else would care enough to remember their passwords that diligently.

I simply said that each and every member of our organization would thus get two login options:

  1. The password system I have proposed.

  2. Using an Email Magic Link System. This is heavily inspired by Medium's "Sign In With Email" option (https://medium.com). Medium simply sends the user a link to the user's registered email. The user is automatically logged in immediately after clicking on the link in the email sent to them. Although this option is convenient, it's much less secure than option 1. However, it's meant for people who are not willing to maintain good password hygiene. I am aware Bitwarden uses email as part of a "Two-Step Login" feature, but what do the Bitwarden developers think of adopting Medium's "Email Magic Link" system?
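As an added example (not code from the original post, from Medium, or from Bitwarden), here is a minimal magic-link issuance and redemption flow in Python. It shows the properties a link of this kind needs in order to be as safe as the option allows: a high-entropy random token, only the token's hash stored server-side, a short expiry, single use, and an identical response for unknown addresses. The in-memory `USERS` and `MAGIC_TOKENS` stores, the `BASE_URL` endpoint, and the 15-minute lifetime are assumptions standing in for a real database, mailer and policy.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional

# Constructed in-memory stores standing in for the website's database
# (assumption: a real deployment persists these rows and emails the link).
USERS: Dict[str, Dict[str, int]] = {"alice@example.edu": {"id": 1}}
MAGIC_TOKENS: Dict[str, Dict] = {}  # sha256(token) -> {"user_id", "expires_at", "used"}

LINK_TTL_SECONDS = 15 * 60              # assumption: links die after 15 minutes
BASE_URL = "https://example.edu/login/magic"  # hypothetical login endpoint


def _hash_token(token: str) -> str:
    # Only the hash is stored: a leaked database row does not yield a usable link,
    # and looking up a hash of a 256-bit random value leaks nothing useful via timing.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_magic_link(email: str, now: Optional[float] = None) -> Optional[str]:
    """Create a single-use, expiring token and return the link to email to the user.

    Returns None for unknown addresses; the HTTP handler should still answer
    "check your inbox" either way so registered addresses are not enumerable.
    """
    now = time.time() if now is None else now
    user = USERS.get(email)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    MAGIC_TOKENS[_hash_token(token)] = {
        "user_id": user["id"],
        "expires_at": now + LINK_TTL_SECONDS,
        "used": False,
    }
    return f"{BASE_URL}?token={token}"


def redeem_magic_link(token: str, now: Optional[float] = None) -> Optional[int]:
    """Exchange a token for the user id, or None if it is unknown, expired or already used."""
    now = time.time() if now is None else now
    record = MAGIC_TOKENS.get(_hash_token(token))
    if record is None:
        return None
    if record["used"] or now > record["expires_at"]:
        return None
    record["used"] = True  # burn the token before a session is established
    return record["user_id"]


if __name__ == "__main__":
    link = issue_magic_link("alice@example.edu")
    print("would email:", link)
    token = link.split("token=", 1)[1]
    print("first redemption ->", redeem_magic_link(token))
    print("second redemption ->", redeem_magic_link(token))
```

The link is exactly as strong as the mailbox it lands in, which is the trade-off the post describes: anyone who can read the user's email during those fifteen minutes can log in once, so the token is burned on first use and nothing about it is recoverable from the stored hash.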

Thanks for the suggestion @fosres, however an email magic link capability would not be possible with Bitwarden without severely compromising security. Bitwarden uses zero-knowledge encryption, in which the user's master password is the key to decrypting their encryption private key, which is then used to decrypt their vault. Without the master password, you get nothing. The server, database, etc. know nothing of the password itself and it is never sent. While Bitwarden could "bypass" the use of a password for authentication (that part is easy, we do it for SSO even), it still can't decrypt the user's vault, rendering the authentication almost useless without the master password still.

So while a magic link could work to authenticate a user into Bitwarden, there would be almost zero value to it since the master password would still be required (just as it is with SSO). In order to use a privacy-focused, zero-knowledge encryption solution like Bitwarden, at the moment, the user would always have to remember 1 password.
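To make the distinction in the reply above concrete, here is an added Python model of a password-derived, zero-knowledge key hierarchy; it is illustrative code written for this thread, not Bitwarden's implementation. The password never leaves the client: PBKDF2 turns it into a master key, the server stores only a one-way hash of that key for authentication, and a random vault key is stored wrapped (encrypted and authenticated) under the master key. The PBKDF2 iteration count, the HMAC-based key wrapping (a stand-in for a real AEAD such as AES-GCM), and the use of the email address as salt are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ITERATIONS = 200_000  # assumption: illustrative PBKDF2 work factor


def master_key(password: str, email: str) -> bytes:
    # Client side only: the master password is stretched into a 256-bit master key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), ITERATIONS)


def auth_hash(mk: bytes, password: str) -> bytes:
    # The only password-derived value the server ever sees: a further one-way
    # hash of the master key. It authenticates the user but cannot decrypt anything.
    return hashlib.pbkdf2_hmac("sha256", mk, password.encode(), 1)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative HMAC-SHA256 counter-mode keystream (use a standard AEAD in practice).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(mk: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the master key.
    return (hmac.new(mk, b"enc", hashlib.sha256).digest(),
            hmac.new(mk, b"mac", hashlib.sha256).digest())


def wrap_vault_key(mk: bytes, vault_key: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    enc_key, mac_key = _subkeys(mk)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(vault_key, _keystream(enc_key, nonce, len(vault_key))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_vault_key(mk: bytes, blob: bytes) -> Optional[bytes]:
    # Returns None on a wrong master key or a tampered blob.
    enc_key, mac_key = _subkeys(mk)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def register(email: str, password: str) -> Tuple[Dict[str, bytes], bytes]:
    """Client-side enrolment. Returns the record the server stores and the vault key
    the client keeps in memory; neither the password nor the master key is in the record."""
    mk = master_key(password, email)
    vault_key = secrets.token_bytes(32)
    record = {"email": email.encode(), "auth_hash": auth_hash(mk, password),
              "wrapped_vault_key": wrap_vault_key(mk, vault_key)}
    return record, vault_key


def login_with_password(record: Dict[str, bytes], password: str) -> Optional[bytes]:
    """Password login: authenticate, then unwrap the vault key locally."""
    mk = master_key(password, record["email"].decode())
    if not hmac.compare_digest(auth_hash(mk, password), record["auth_hash"]):
        return None
    return unwrap_vault_key(mk, record["wrapped_vault_key"])


def login_with_magic_link(record: Dict[str, bytes]) -> bytes:
    """Magic-link login: proving control of the mailbox gets the server to hand over
    the account's data, but the wrapped vault key is all it can return."""
    return record["wrapped_vault_key"]
```

Running `login_with_magic_link` yields only the wrapped blob; turning it back into the vault key still requires `master_key`, and therefore the password, on the client. That is the "almost zero value" the reply describes: the link can authenticate, but only the remembered password can decrypt.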

Thanks for letting me know Chad. I appreciate your detailed response.