magic login 2fa totp security logging in

Setting up magic login and two-factor authentication

MijnEvent 3 min read

Logging in without a password

At MijnEvent you never have to remember, come up with or reset a password. We work entirely with magic login. That's not only easier, it's also safer: there's no password to guess or leak.

Logging in works like this:

  1. On the login page, you enter your email address.
  2. You immediately receive a magic login link in your inbox.
  3. You click the link and you're logged in straight away.

The link is valid for 15 minutes. No longer working? Just request a new one — there's no limit.

An unfamiliar device? Then an extra code

If you log in from a device we don't yet recognise — for example a new laptop or a colleague's phone — we ask for an extra step. Alongside the magic link, we then send you a 6-digit verification code (OTP) by email.

Enter that code and you're logged in, and from then on we remember that device. The next time you log in on that same device, you won't need the extra code. That's how we combine convenience with solid security.

Two-factor authentication: a recommended extra lock

Want to secure your account even better? Then you can switch on two-factor authentication (2FA). This is optional, but we warmly recommend it — especially if you're an organiser and work with sales data.

With 2FA you use an authenticator app on your phone that generates a new code every 30 seconds (this is called TOTP). Well-known apps that work include:

  • Google Authenticator
  • Authy
  • 1Password or a similar password manager with an authenticator function

When setting it up, you scan a QR code with your app. After that, MijnEvent asks for the current code from that app when you log in. Only someone with access to your phone can then log in.

Keep your recovery codes safe

When you switch on 2FA, you receive 8 recovery codes. These are your safety net in case you lose your phone or can't access your authenticator app.

Mind the rules:

  • Each recovery code can be used once.
  • Store them in a safe place, separate from your phone — for example in a password manager or printed in a drawer.
  • Have you used a code? Then it's spent and won't work again.

In short

  • No passwords — logging in always goes via a magic link.
  • Magic link: valid for 15 minutes, can be requested again without limit.
  • Unfamiliar device: extra 6-digit code by email.
  • 2FA (optional but recommended): via an authenticator app, with 8 single-use recovery codes.

That's how you keep access to your account both simple and secure.

Back to blog
Read more
MijnEvent

Ready to get started?

Create a free account and sell your first tickets today.

Start free Pricing