One-Time Passwords

A one-time password (OTP) is an auto-generated numeric or alphanumeric string that authenticates a user for a single transaction or login session.

OTPs improve the user experience by allowing users to login without a password. They also act well as a second authentication layer for unverified users to pass before accessing an account.

Here at ReachFive, we offer two ways to implement OTPs:

Setup passwordless email template

To use a passwordless approach with email, you need to configure the passwordless template via the ReachFive Console.

Prerequisites

  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.

Instructions

  1. Go to Settings  Passwordless  Email magic link.

  2. Enter the sender email in the From field.

  3. Write a Subject line in Subject field.

    You can use liquid templating language here.

  4. Enter the redirect URL in the Redirect to field.

    This is where users will be taken after clicking the generated magic link in the message.

  5. Specify the Link Lifetime (seconds).

  6. Write your Message.

The following templating variables are available:

{{link}}

This is the generated magic link (hosted by ReachFive that redirects to the specified URL).

{{verification_code}}

This is the generated verification code sent by email.

{{user.email}}

The user’s email address.

{{user.given_name}}

The user’s given name (first name).

example

Nicole Dubois

{{user.family_name}}

The user’s family name (last name, surname).

example

Nicole Dubois

Setup passwordless SMS template

To use a passwordless approach with SMS, you need to configure the passwordless SMS template via the ReachFive Console.

We only activate the passwordless SMS feature if you must have a unique phone number per use as OTP via SMS is a less secure approach.

Prerequisites

  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.

Instructions

  1. Go to Settings  Passwordless  SMS verification code.

  2. Enter the Verification Code Lifetime in seconds.

  3. Set the Redirect to.

    This must be whitelisted in your client settings.

  4. Write your Message.

    passwordless sms template

The following templating variables are available:

{{link}}

This is the generated magic link (hosted by ReachFive that redirects to the specified URL).

{{verification_code}}

This is the generated verification code sent by SMS.

{{user.email}}

The user’s email address.

{{user.phone_number}}

The mobile number of the user receiving the message.

{{user.lang}}

The default language for the user.

{{user.given_name}}

The user’s given name (first name).

example

Nicole Dubois

{{user.family_name}}

The user’s family name (last name, surname).

example

Nicole Dubois

{{user.custom_fields.key}}

Custom user fields. Only the string, select, and tag custom field data types can be used in email templates.

example

{{user.custom_fields.favorite_movie}}

The tags custom field type is concatenated by default. If you want to separate the tags, use the join function:

Example

favorite_movie:["The Secret Life of Pets","Forrest Gump","Amélie"]

format
{{ user.custom_fields.favorite_movie | join: " , " }}
output
The Secret Life of Pets, Forrest Gump, Amélie

You can embed magic links where needed using the Management API. With this approach, you create the magic link as needed and embed that link where it suits.

  1. Create the magic link with the /magic-link endpoint.

    Successful responses provide the generated magic link like so:

    {
  "magic_link": "https://MAGIC_LINK?c=c&t=kas£kl0"
}

  2. Embed the magic link where it suits your campaign or project need.

Verification codes

Verification codes are a type of OTP that users can receive via email or SMS to verify their identity during login or account recovery processes. They consist of a short string of characters (default 6 digits) that users must enter to complete authentication.

Verification codes are typically used as a second factor in multi-factor authentication (MFA) setups, providing an additional layer of security beyond just a password. They can also be used for passwordless login flows, allowing users to access their accounts without needing to remember a password.

R5 AI Assistant
The R5 AI assistant can make mistakes, verify answers.

Confirm Deletion