A passwordless-first approach
Ligue follows a passwordless-first authentication strategy.
- No traditional passwords.
- Reduced account takeover risk.
- Faster onboarding and login.
- Secure by default.
Authentication is designed to be user-friendly, scalable, secure, and mobile-first.
Email one-time passcode (OTP)
Users authenticate using a one-time verification code sent to their email.
- OTP length: 6 digits.
- OTP validity: 5–10 minutes.
- One-time use only.
- Automatically expires after use or timeout.
Maximum resend attempts are enforced, rate limiting is applied per email and IP, and failed attempts are logged.
Google sign-in
- OAuth 2.0 based authentication.
- Email must be verified by Google.
- Email address is used as the primary identity.
- New users are auto-provisioned if the email does not exist.
Apple sign-in
- Uses Apple Sign-In standards.
- Supports Apple's private relay email.
- Apple-provided email is treated as a verified identity.
- User identity is linked to the Apple ID.
Was this helpful, or still need a hand? Contact support — we respond within 1 business day.
← Back to Sign-in & Security
