Authentication Methods
clarife supports multiple authentication methods to balance security and convenience.| Method | Description |
|---|---|
| Email + password | Traditional sign-in with email and password |
| Magic link | Passwordless sign-in via a link sent to your email |
| Google OAuth | Sign in with your Google account |
| Apple OAuth | Sign in with your Apple ID |
| GitHub OAuth | Sign in with your GitHub account |
Email + Password
The standard authentication method:- Minimum 8 characters required
- Passwords are hashed using bcrypt (never stored in plain text)
- Password reset via email link
- Change password anytime in Settings
clarife uses bcrypt with a high cost factor for password hashing, making brute-force attacks computationally impractical.
Magic Link
Passwordless authentication for quick access:OAuth Providers
Connect third-party accounts for one-click sign-in:| Provider | What is shared |
|---|---|
| Email, display name, avatar | |
| Apple | Email (private relay option available) |
| GitHub | Email, username, avatar |
Two-Factor Authentication (2FA)
Add a second layer of security with TOTP (Time-based One-Time Password):| Feature | Details |
|---|---|
| Protocol | TOTP (RFC 6238) |
| Code length | 6 digits |
| Code interval | 30 seconds |
| Recovery codes | Provided at setup |
| Compatible apps | Google Authenticator, Authy, 1Password, Bitwarden |
Session Security
| Feature | Details |
|---|---|
| Session tokens | Secure, HttpOnly cookies |
| Session duration | Refreshed automatically while active |
| New device detection | Login alerts sent for unrecognized devices |
| Concurrent sessions | Multiple devices supported simultaneously |
Can I use multiple authentication methods?
Can I use multiple authentication methods?
Yes. You can have a password, magic link, and multiple OAuth providers all active on the same account. Use whichever is most convenient.
Is Apple Sign In private?
Is Apple Sign In private?
Yes. Apple allows you to use a private relay email that forwards to your real address. clarife sees only the relay address unless you choose to share your real email.
What happens if I forget my password?
What happens if I forget my password?
Click Forgot password on the sign-in page. A password reset link is sent to your email. You can also use magic link or OAuth to sign in without a password.
Does 2FA work with OAuth sign-in?
Does 2FA work with OAuth sign-in?
2FA is applied to email/password and magic link sign-ins. OAuth providers manage their own 2FA independently. We recommend enabling 2FA on both your clarife account and your OAuth provider.