Magic links, OTPs, passkeys, and what to use when.
Both replace passwords with email. Both feel "passwordless." They are not the same product. Here's the honest comparison — UX, security, deliverability, and the situations where each one is the wrong choice.
What passkeys actually are, how WebAuthn works under the hood, why they resist phishing where passwords and OTPs fail, and how to adopt them without locking users out.
Authentication
Foundations, flows, and patterns for user authentication on the modern web.
BrowseOAuth & OIDC
OAuth 2.0, OpenID Connect, PKCE, and federated identity in depth.
BrowseJWT
Tokens, signatures, claims, and the things that go wrong with JWTs.
BrowseSecurity
Threats, mitigations, and defensive design for auth systems.
BrowseReact Auth
Authentication patterns specific to React and SPAs.
BrowseMulti-Tenant Auth
Designing auth for B2B SaaS — orgs, roles, and isolation.
Browse