> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omneo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Passwords and Authentication

> How customer authentication works for Profile Portal and account access.

Customer authentication for Profile Portal and Omneo-powered account experiences uses a passwordless magic link flow by default, with optional password-based authentication.

## Magic link (default)

The default and recommended authentication method. The customer enters their email address, Omneo sends a secure magic link to that address, and clicking the link logs them in without a password.

Benefits:

* No password for customers to forget
* Eliminates the risk of weak passwords or credential stuffing
* Reduces support enquiries about forgotten passwords

## Password authentication (optional)

If your implementation requires password-based login (e.g., for eCommerce account integration), customers can set a password on their Omneo profile. Passwords must be strong and are stored with bcrypt hashing.

Omneo does not expose passwords via the API.

## Staff accounts (CX Manager)

CX Manager users require a password. Per Omneo's security policy, passwords must be at least 32 characters. Use a password manager to generate and store secure passwords.

Staff should never share CX Manager credentials. Each staff member should have their own account with the appropriate role.

## Resetting a customer's access

If a customer reports they cannot access their account:

1. Verify their identity (ask for name, email, recent purchase details)
2. Confirm their email address in CX Manager
3. Trigger a new magic link send from their Profile Portal login page

Do not share or reset passwords on behalf of customers, have them initiate the reset themselves for security.

## OAuth and SSO

For eCommerce integrations, Omneo supports OAuth 2.0 for connecting platform-level customer accounts to Omneo profiles. See [Authentication](/dev-guides/core-setup/authentication) for technical details.
