Skip to main content
Typewise uses passwordless authentication via magic links. Instead of managing passwords, you receive a secure login link sent directly to your email address.
When you log in to Typewise, a time-limited authentication link is sent to your email. Clicking the link verifies your identity and creates a secure session.
1

Enter your email

Go to the Login page and enter your email address.
2

Check your inbox

A login link is sent to your email. The link is valid for 24 hours.
3

Click the link

Clicking the magic link authenticates you and creates a session in your browser.
Signup invitation links sent to new users are valid for 7 days, giving them more time to complete their account setup.

Session Duration

After logging in, your session remains active for 7 days. Once the session expires, you need to request a new magic link to continue using the platform.
  • Sessions last 7 days from the time of login
  • There are no automatic session extensions or refresh tokens
  • You can log out manually at any time, which immediately ends your session
  • After logout or session expiry, request a new magic link to log in again

Two-Factor Authentication

Typewise inherits two-factor authentication from your email provider. Since magic links are sent to your email, anyone accessing the link must first authenticate with your email account.
If your email account is protected with 2FA (e.g., Google Workspace, Microsoft 365), accessing your Typewise magic link requires passing that 2FA check first. This provides enterprise-grade security without additional configuration.
For maximum security, ensure all team members have two-factor authentication enabled on their email accounts.

Access Revocation

When an administrator removes a user from the platform via User Management, the user loses access on their next interaction with the platform.
  • The user’s account is deleted from the system
  • Their existing browser session is invalidated on the next request
  • Any attempt to access the platform after removal results in automatic logout
Users are not immediately disconnected mid-session. Access is revoked when they next interact with the platform, at which point authentication fails and they are logged out.

Security Features

Typewise implements several security measures to protect your account:
FeatureDescription
Cryptographic signingAll magic link tokens are cryptographically signed to prevent tampering
HttpOnly cookiesSession cookies cannot be accessed by JavaScript, protecting against XSS attacks
Secure cookiesCookies are only transmitted over HTTPS in production
Short-lived signup sessionsNew user signup sessions expire after 1 hour to limit exposure

See also