Best Auth method for my use case
Hello dear Kinde Team!
Since Kinde has so many different auth methods, I was wondering what method you would recommend me to use?
Use case:
- Users can contact each other by email and username
- contact by username is with a built-in chat
- usernames can also lead to a profile page for some roles
Now since both username and email might be public and are also used for auth, isn’t this kind of a security risk?
Should I handle setting contact email and username separately to the login email?
Having it separate would mean that I would kinda have to verify that email address 📧 on my own, which would also be kinda annoying for the user. I guess some pages don’t verify the contact information.
What Auth methods would you recommend me?
Much appreciated
- Paul
1 Reply
Hi Paul,
Great question! Here's what we'd recommend based on your use case:
Primary authentication
Use email OTP (passwordless) as your main login method. It’s secure, verifies the email at sign-up, and you don’t need to manage passwords:
https://docs.kinde.com/authenticate/about-auth/authentication-methods
https://docs.kinde.com/authenticate/about-auth/identity-and-verification
If you want to avoid login via username (since usernames might be public), you can disable it in Settings → Authentication:
https://docs.kinde.com/authenticate/authentication-methods/username-authentication
Username as display name only
Instead of using username for authentication, treat it as a public display handle.
- Go to Settings → Data management → Properties
- Create a custom property like public_username
https://docs.kinde.com/properties/work-with-properties/manage-properties
You can include this in your tokens or fetch it via the Management API.
Separate contact email from login email
If you want users to share a different email for contact, create a custom property like contact_email. Since this won't be verified by Kinde automatically, you'll need to handle verification on your end (e.g., with a confirmation code or link).
https://docs.kinde.com/authenticate/about-auth/identity-and-verification
https://docs.kinde.com/properties/work-with-properties/manage-properties
Optional: Add phone OTP or MFA
You can also add phone-based OTP or enable multi-factor authentication for extra security:
https://docs.kinde.com/authenticate/authentication-methods/phone-authentication/
Let me know if you'd like help setting any of this up. Happy to assist
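The reply leaves verification of contact_email to the application. One way to do that with a confirmation code, as an added example that is not part of the original thread and is not Kinde code: the class name, the 10-minute lifetime, the attempt limit and the in-memory store are assumptions, and sending the mail and writing the property are left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumption: codes are valid for 10 minutes
MAX_ATTEMPTS = 5        # assumption: a 6-digit code gets at most 5 guesses


class ContactEmailVerifier:
    """Pending contact_email verifications (in-memory; use a database in practice)."""

    def __init__(self, server_key: bytes, now=time.time):
        self._key = server_key
        self._now = now
        self._pending = {}  # user_id -> pending record

    def _digest(self, user_id: str, email: str, code: str) -> bytes:
        # Bind the code to the user and the exact address it was sent to,
        # so a code issued for one address cannot confirm another.
        msg = f"{user_id}\n{email}\n{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, user_id: str, email: str) -> str:
        """Return a fresh code to mail to `email`; only its HMAC is stored."""
        email = email.strip().lower()  # assumption: case-insensitive addresses
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user_id] = {
            "email": email,
            "digest": self._digest(user_id, email, code),
            "expires": self._now() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def confirm(self, user_id: str, code: str):
        """Return the verified address, or None. A code works once."""
        rec = self._pending.get(user_id)
        if rec is None:
            return None
        if self._now() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user_id]  # expired or locked out: start again
            return None
        rec["attempts"] += 1
        expected = self._digest(user_id, rec["email"], code)
        if not hmac.compare_digest(rec["digest"], expected):
            return None
        del self._pending[user_id]
        return rec["email"]  # only now store it as the contact_email property
```

The login email that Kinde already verified stays untouched; only an address returned by `confirm` should be shown publicly as the contact address.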