
The objective of this project is to develop a Passwordless Authentication System that uses email-based token verification instead of traditional passwords. The system enhances security and user convenience by generating time-bound secure tokens, enabling students to understand modern authentication mechanisms and secure session management techniques.
Study traditional password-based authentication limitations and security risks.
Analyze passwordless authentication concepts such as magic links and one-time token verification.
Prepare Software Requirement Specification (SRS) and authentication workflow documentation.
Design system architecture including token generation, email service integration, and session handling.
Create database schema for users, login requests, tokens, expiration timestamps, and authentication logs.
Implement user registration with email verification process.
Develop secure token generation using cryptographically secure random strings (a CSPRNG, not a general-purpose PRNG).
Implement time-bound token validation and automatic expiration handling.
Integrate email service (SMTP simulation) to send authentication links or OTP tokens.
Implement secure session management using JWT or session IDs.
Add account lockout and rate limiting to prevent abuse or token spamming.
Maintain logs of authentication attempts and token usage.
Apply input validation and protection against common vulnerabilities (SQL Injection, CSRF).
Perform unit testing and security testing for token misuse scenarios.
Prepare documentation including ER diagrams, authentication flowcharts, and test cases.
Deploy system locally or on a cloud platform for demonstration.
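The steps above describe one end-to-end flow: registration, CSPRNG token generation, time-bound single-use validation, a simulated SMTP send, session issuance, rate limiting, lockout and an audit log. The following module is an added worked example written for this page, not code from the project itself. The class and method names, the constants (10-minute token lifetime, 3 requests per 15-minute window, 5 failed verifications before lockout) and the `login.example.test` link host are all assumptions chosen for illustration; the "email service" is simulated by an in-memory outbox, and `now` can be injected so expiry can be exercised deterministically.

```python
"""Passwordless (magic-link) login flow: hashed, single-use, time-bound tokens,
per-email rate limiting, account lockout, simulated SMTP outbox and audit log.
Illustrative example; all names and limits are hypothetical."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

TOKEN_TTL_SECONDS = 600        # magic-link token valid for 10 minutes (assumed)
SESSION_TTL_SECONDS = 3600     # opaque session id valid for 1 hour (assumed)
RATE_WINDOW_SECONDS = 900      # rate-limit window for token requests (assumed)
MAX_REQUESTS_PER_WINDOW = 3    # token requests allowed per email per window
MAX_FAILED_VERIFICATIONS = 5   # bad tokens before the account is locked


def hash_token(token: str) -> str:
    """Store only a SHA-256 digest; a leaked database yields no usable tokens."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class LoginRequest:
    email: str
    expires_at: float
    used: bool = False


@dataclass
class PasswordlessAuth:
    users: set = field(default_factory=set)
    requests: dict = field(default_factory=dict)       # token digest -> LoginRequest
    request_times: dict = field(default_factory=dict)  # email -> request timestamps
    failed: dict = field(default_factory=dict)         # email -> failed verifications
    locked: set = field(default_factory=set)
    sessions: dict = field(default_factory=dict)       # session id -> (email, expires_at)
    outbox: list = field(default_factory=list)         # simulated SMTP: (email, link)
    log: list = field(default_factory=list)            # audit log: (time, email, event)

    def _log(self, now: float, email: str, event: str) -> None:
        self.log.append((now, email, event))

    def register(self, email: str) -> None:
        self.users.add(email.lower())

    def request_login(self, email: str, now: Optional[float] = None) -> bool:
        """Issue a magic link. Returns False only when rate-limited or locked;
        unknown addresses get the same True as known ones (no user enumeration)."""
        now = time.time() if now is None else now
        email = email.lower()
        if email in self.locked:
            self._log(now, email, "request_refused_locked")
            return False
        recent = [t for t in self.request_times.get(email, []) if now - t < RATE_WINDOW_SECONDS]
        if len(recent) >= MAX_REQUESTS_PER_WINDOW:
            self._log(now, email, "request_rate_limited")
            return False
        recent.append(now)
        self.request_times[email] = recent
        if email not in self.users:
            self._log(now, email, "request_unknown_user")
            return True
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self.requests[hash_token(token)] = LoginRequest(email, now + TOKEN_TTL_SECONDS)
        # Simulated SMTP: in a real deployment this link is mailed to the user.
        self.outbox.append((email, f"https://login.example.test/verify?token={token}"))
        self._log(now, email, "token_issued")
        return True

    def verify(self, email: str, token: str, now: Optional[float] = None) -> Optional[str]:
        """Exchange a valid, unexpired, unused token for a session id (or None)."""
        now = time.time() if now is None else now
        email = email.lower()
        self.purge_expired(now)
        req = self.requests.get(hash_token(token))   # lookup by digest; no plaintext stored
        ok = (email not in self.locked and req is not None and not req.used
              and req.email == email and now <= req.expires_at)
        if not ok:
            self.failed[email] = self.failed.get(email, 0) + 1
            if self.failed[email] >= MAX_FAILED_VERIFICATIONS:
                self.locked.add(email)
                self._log(now, email, "account_locked")
            self._log(now, email, "verify_failed")
            return None
        req.used = True                              # single use: a replayed link is rejected
        self.failed.pop(email, None)
        session_id = secrets.token_urlsafe(32)       # opaque, unguessable session identifier
        self.sessions[session_id] = (email, now + SESSION_TTL_SECONDS)
        self._log(now, email, "login_success")
        return session_id

    def purge_expired(self, now: float) -> None:
        """Automatic expiration handling: drop stale or already-consumed login requests."""
        self.requests = {h: r for h, r in self.requests.items()
                         if now <= r.expires_at and not r.used}

    def current_user(self, session_id: str, now: Optional[float] = None) -> Optional[str]:
        """Resolve a session id to its email, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self.sessions.get(session_id)
        if entry is None or now > entry[1]:
            self.sessions.pop(session_id, None)
            return None
        return entry[0]
```

Two design choices matter for the security testing step: the token table holds only digests, so a dumped database cannot be turned into working links, and `request_login` answers identically for registered and unregistered addresses while still counting both toward the rate limit, so the endpoint neither enumerates users nor lets an attacker flood a mailbox.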