Signup and Recovery Reuse the Same Foundation

Signup flow

  1. User enters name and email.
  2. Server generates an OTP code.
  3. Store only a hash of the code, tagged with the purpose signup (never the plaintext code).
  4. Send the email.
  5. Only create the user after successful verification.
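
Steps 2 to 5 as an added worked example (not code from the deck): an in-memory store, a keyed hash bound to purpose and email, expiry, attempt limiting and single use, with the user record created only after the signup code verifies. The recovery path from the next slide reuses the same store with purpose recovery. SERVER_KEY, CODE_TTL and MAX_ATTEMPTS are assumed values.

```python
import hashlib
import hmac
import secrets
import time

# Assumed in-memory state; a real service keeps these in a database with TTLs.
SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment secret, held outside the DB
CODE_TTL = 600                         # seconds; assumed value
MAX_ATTEMPTS = 5                       # assumed value
_codes = {}                            # (purpose, email) -> {"mac", "expires", "attempts"}
_users = {}                            # email -> user; populated only after verification

def _code_mac(purpose, email, code):
    # Keyed digest bound to purpose and email: a leaked table cannot be brute-forced
    # offline without SERVER_KEY, and a signup code cannot be replayed as a recovery code.
    msg = f"{purpose}:{email.lower()}:{code}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_code(purpose, email, now=None):
    """Steps 2-3: generate a 6-digit OTP, store only its keyed hash, return plaintext to email."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    _codes[(purpose, email.lower())] = {
        "mac": _code_mac(purpose, email, code), "expires": now + CODE_TTL, "attempts": 0}
    return code

def verify_code(purpose, email, submitted, now=None):
    """Single-use, time-limited, attempt-limited, constant-time check."""
    now = time.time() if now is None else now
    key = (purpose, email.lower())
    rec = _codes.get(key)
    if rec is None or now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        return False
    rec["attempts"] += 1
    if not hmac.compare_digest(rec["mac"], _code_mac(purpose, email, submitted)):
        return False
    del _codes[key]          # a verified code is consumed
    return True

def signup(name, email, submitted):
    """Step 5: the user record exists only once the signup code verifies."""
    if not verify_code("signup", email, submitted):
        return None
    _users[email.lower()] = {"name": name, "email": email.lower(), "passkeys": []}
    return _users[email.lower()]

def recover(email, submitted):
    """Same store, purpose 'recovery': on success the caller may register a new passkey."""
    if email.lower() not in _users or not verify_code("recovery", email, submitted):
        return None
    return _users[email.lower()]
```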

Why this matters

  • Email ownership is proven before account creation.
  • The flow stays simple and consistent.
  • OTP codes also become the recovery path if a user loses a passkey.

Building a Production-Grade Passwordless Authentication System
8 / 12