Open Collective Docs
Go back to Open Collective
Search…
Welcome
About
Introduction
Documentation
Terminology
Company
Pricing
Team
The Open Collective Way
Hiring
Investors
Contributing
Product
Features
Roadmap
Comparison
User Profile
Currencies
Log-in System
Privacy Policy
Moderation
Security
Notifications
Two-factor Authentication
Collectives
Collectives FAQ
Creating a Collective
Quick Start Guide
Collective Settings
Add Fiscal Host
Change Fiscal Host
Open Source Collectives
Transparent Budget
Expenses
Updates & Comms
Custom Email
Moderation
Conversations
Events
Projects
Funding Options
Buttons & Banners
Connected Collectives
Contribution flow
Financial Contributors
Financial Contributors FAQ
Guest contributions
Payments
Crypto Contributions
Website Badge
Receipts
Collective to Collective
Organizations
Expenses & Getting Paid
Expenses FAQ
Submitting Expenses
Virtual Cards
Expense Comments
Edit or Download an Expense
Receiving payment through Payoneer or Wise
Tax Information
Fiscal Hosts
Fiscal Hosts FAQ
Becoming a Fiscal Host
Creating a Fiscal Host
Organisation Settings
Fiscal Host Dashboard
Receiving Money
Payouts
Host Fees
Local Tax Support
Agreement Templates
Independent Collectives
About Independent Collectives
Create an Independent Collective
Independent Collective Setup
Independent Collective Management
Close an Independent Collective
Developers
Contributing
Design
Development
Documentation
Translation
Powered By GitBook
Log-in System
Open Collective works with a no-password system, because our users appreciate not having to remember another password, especially when on mobile.

You type in your email and the system instantly knows if you're an existing user or a new user.
If you already have an account, we send you an email with a unique link that logs you into Open Collective. You will stay logged in for 30 days on that device.
If you're a new user, you'll be prompted to create an account.

It might sound counterintuitive, but passwords don’t always make things more secure. They can be hard to remember, and easy for fraudsters to guess. Not everyone uses a password manager, and people often don’t follow good password practices and either reuse passwords, or pick obvious ones (ie. their country code, their birthday, etc). Passwords can also make you more vulnerable to phishing, a type of fraud where someone tricks you into telling them your password.
Most websites allow you to reset your password by email, a feature fraudsters can use to work around any protection provided by a password. These websites start from the premise that if your email is compromised, your account will be too. The main way to avoid that is Two Factor Authentication (2FA), which you can enable on your Open Collective account. We don't send 2FA codes to mobile phones, we rely on OTP apps like Google Authenticator.
According to Auth0:
Passwordless authentication, by its nature, eliminates the problem of using an unsafe password. This means that one of the biggest user errors is taken out of your login. Not only is passwordless authentication safe to use, it might even be safer than a traditional username + password login.
In 2020, this login system was audited by Cure53. Their report included recommendations for improving it, but they found no critical issue nor design issue about the way it works today.
Our login system is also covered by our security bounty policy; we invite security researchers (and pay them) to try to break our system and improve it.
Who else uses magic links to login?
Product - Previous
Currencies
Next - Product
Privacy Policy
Last modified 1mo ago
Export as PDF
Copy link
On this page
How it works
About security