Docs Dashboard

Sign in

Anchorify has two sign-in methods, surfaced as equal peers on the sign-in card:

  1. Continue with Google — OAuth sign-in. Uses the email Google reports for your account.
  2. Sign in with email — magic-link. Type your email; we email you a one-time link that signs you in for 30 days.

There's no password to set, change, or remember. We picked this on purpose — see "Why no password?" below.

Magic link

Click Sign in with email, type your address, and submit. The page replaces in place with "Check your inbox. We sent a link to <email>." plus a Resend link.

The link works once and expires in 10 minutes. Click it and you're signed in.

If you click an old link you've already used, or one that's past 10 minutes, the page tells you which case you hit and offers a one-click "Send a new link" button.

Cold sign-in (no Anchorify account yet)

If we've never seen your email, the magic link still works. After you click it, the page asks you to pick a username and signs you in. The username becomes part of your home-org slug (you can rename either later — see orgs).

Cross-device sign-in

A magic link can be opened from any device — you can request the link on your phone, click it from your laptop, and you'll be signed in on the laptop. Some corporate mail systems pre-fetch links to scan them; if a link mysteriously fails right after you receive it, request another and click it from your own browser before any scanner does.

Sign out

Click your avatar in the top-right and pick Sign out (or hit /auth/logout directly). The session cookie is cleared immediately.

Why no password?

Passwords are the worst part of every web app. We don't store them, we don't reset them, we don't have to make you pick a "strong" one or rotate one. Magic-link + Google together cover every reasonable case:

  • Google is fast and frictionless if you already have a Google account at the email you want to use.
  • Magic-link works when you don't, and as a recovery path when your Google account is offline.

Single-use, 10-minute tokens are at least as safe as the average user-chosen password — most password breaches are credential stuffing or phishing, both of which a 10-minute one-use link sidesteps. The cost is one extra email round-trip per sign-in.