Sign in and authentication

Numwisely uses passwordless authentication. You enter your email address and receive a magic link by email. Clicking the link signs you in immediately. There is no password to create or remember.

Every email also includes a 6-digit OTP code for cases where clicking the link does not work — most commonly on mobile devices or when corporate email security software scans links before you can click them.

On desktop browsers, the fastest method is to click the "Log In" or "Confirm your email" button in the email. The link opens your browser, verifies the session with Supabase Auth, and redirects you to the app within seconds.

If the link takes you to the login page instead of the app, enter the 6-digit code from the same email. This happens when the link has been prefetched by an email security scanner.

On iPhone and iPad, clicking magic links from the Mail app opens them in Mail's in-app browser, which does not share session data with Safari. This means the click-through link will not work on iOS.

The reliable method on mobile is: open the email, copy the 6-digit code shown prominently in the message, go to the Numwisely login page in Safari, enter your email, tap Continue, and then enter the 6-digit code in the code field. The code expires after 60 minutes.

If you are signing in for the first time, you receive a "Confirm your email" message. Clicking the confirm link or entering the code creates your account and logs you in.

If you already have an account, you receive a "Log In" magic link. Both flows use the same OTP fallback.

Sessions persist in your browser until you explicitly log out or clear browser data. There is no automatic session expiry during normal use. To log out, use the account menu in the top navigation.

If login is not working, check these in order: confirm the correct email address was used; check the spam or junk folder; confirm the email was opened within 60 minutes of receiving it; try the OTP code instead of the link; clear browser cookies for the site and try again.

Corporate email security tools (Microsoft Defender, Proofpoint) sometimes invalidate magic links by prefetching the URL before you click it. In this case, the OTP code is always the reliable fallback.