A magic link is a passwordless authentication method that sends the user a unique, time-limited URL via email (or SMS). Clicking the link logs the user in without entering a password.
Magic links eliminate password fatigue and reduce account takeover risk from credential reuse, but they create a dependency on email security — if the user’s email is compromised, the attacker can request and intercept magic links. For high-security portals (financial services, healthcare), pair magic links with MFA on the email account, or use them as a backup factor only.
Common in customer portals where reducing login friction matters more than maximum security.