Understanding TalentScreen Authentication
How TalentScreen's passwordless authentication system works and why it's secure.
TalentScreen uses passwordless magic-link authentication powered by Supabase. This approach eliminates password-related security risks while providing seamless access.
How It Works
When you request a login link, TalentScreen generates a unique, cryptographically secure token. This token is embedded in a URL and sent to your email.
Clicking the link verifies your email ownership and creates a session. The session is stored in an HTTP-only cookie that your browser sends with each request.
Sessions are validated using JSON Web Tokens (JWT) signed by Supabase. The server verifies each token before granting access to protected resources.
Magic links are more secure than passwords. They can't be reused, guessed, or leaked in database breaches.
Security Features
All magic links expire after 60 minutes. Each link can only be used once. Sessions expire after 7 days of inactivity.
HTTP-only cookies prevent JavaScript from reading session tokens, so a cross-site scripting (XSS) attack cannot steal them. All authentication requests are encrypted with HTTPS.
Your email inbox becomes your authentication gateway. Use a secure email provider with two-factor authentication enabled.
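The link properties described above (a cryptographically secure token, a 60-minute lifetime, single use) are shown below as an added example; it is not TalentScreen's or Supabase's code. `MagicLinkStore` and its in-memory dictionary are hypothetical, and keeping only a SHA-256 digest of each token is an assumption about how a server could leave pending links unusable to someone who reads its database.

```python
import hashlib
import secrets
import time

LINK_TTL_SECONDS = 60 * 60  # the article's 60-minute link lifetime


class MagicLinkStore:
    """Hypothetical in-memory stand-in for the table of pending login links."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._pending = {}    # sha256(token) hex -> (email, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        # Assumption: only this digest is stored, never the token itself.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email: str) -> str:
        """Create a token for `email`; the caller embeds it in the e-mailed URL."""
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        expires_at = self._clock() + LINK_TTL_SECONDS
        self._pending[self._digest(token)] = (email, expires_at)
        return token

    def redeem(self, token: str):
        """Return the e-mail address for a valid token exactly once, else None."""
        # pop() deletes the record on first presentation, valid or expired,
        # so a replayed link finds nothing to match.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        email, expires_at = record
        if self._clock() >= expires_at:
            return None
        return email
```

A caller would create the session cookie only when `redeem()` returns an address.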