Skip to content

Technique G218:Email link authentication


Content implemented in any technology.

This technique relates to:


The objective of this technique is to provide an easy way for users to authenticate without needing a password. This technique involves providing an authentication mechanism where the user can enter their email address, and they are sent an email with a link to click. When the user clicks the link in the email, they are directed back to the website and automatically logged in.

The security of the email link mechanism is not the focus of this technique, but it generally involves sending a time limited token as part of the email.


Other sources

No endorsement implied.



For websites which allow users to login by emailing a link to the email address associated with the account:

  1. Enter a valid email address (with an account on the website) and use the email-link feature.
  2. Check that the email is received.
  3. Check that selecting the link opens the website.
  4. Check that the user account is logged in.
  5. Check that no object recognition test is used as part of the authentication process.

Expected Results

  • #2, #3 and #4 are true.
  • For the AAA Accessible Authentication (Enhanced), #5 is also true.
Back to Top