Passwordless authentication allows your users to log in with just their email address. It has no dependencies on any providers other than having an email account and makes it easy for users to create accounts and never have to remember a password again.
The email address is inherently unique. It is also the common layer of protection, as if the email address is comprimised, so are all other solutions. By utilizing the previously authenticated Email Service Provider (ESP), it is assumed that there is a preexisting layer of authenticated protection.
Immediately check to see if email addresses are valid and control the response that bad actors would receive should there be a malicious attempt to access gated content.
The user would obtain confirmation that a temprary password is being generated and sent to their email address. A user would navigate to their Email Service Provider (ESP) and locate email containing the one-time password.
Once the magic link authentication email is received by a user, the encrypted, one-time use password will be contained in the body of the email. This could also be a single click link to redirect a user back to authentication.