Crosscheck
Security & Privacy

Authentication

Crosscheck uses passwordless authentication exclusively. There are no passwords to create, remember, or manage. You sign in using a one-time password (OTP) sent to your email, a magic link, or by continuing with your Google account.

Authentication Methods

Email OTP

Enter your email and receive a one-time password. Type the code into the verification screen to sign in. The OTP expires after a short window for security.

Magic Link

Request a magic link sent to your email. Click the link to sign in instantly without entering any code. The link is single-use and time-limited.

Continue with Google

Sign in with your Google account in a single click — no OTP required. Your Google email is used to match or create your Crosscheck account.

Signing In with Email OTP

1

Enter Your Email

On the Crosscheck login page, enter your email address and click Continue.
2

Check Your Inbox

A one-time password is sent to your email. Check your inbox (and spam folder if needed) and copy the code.
3

Enter the OTP

Enter the code on the verification screen. You are signed in immediately upon successful verification.

Signing In with a Magic Link

If you receive a magic link via email, clicking it will sign you in automatically in the browser that opens the link. Magic links are single-use and expire after a short time for security.

Continuing with Google

Click Continue with Google on the Crosscheck login page and pick the Google account you want to use. You are signed in instantly — no OTP, no extra confirmation step. If this is your first time signing in, a Crosscheck account is created automatically using your Google email.

Extension Authentication

The Chrome extension shares your authenticated session with the web application. When you sign in on the Crosscheck dashboard and then open the extension, it automatically receives a secure token that keeps you authenticated.

If you sign out of the dashboard, the extension token is invalidated and you will need to sign in again to continue using the extension.

Session Management

Sessions are managed with secure, industry-standard tokens. Key points:

  • Tokens are short-lived and automatically refreshed.
  • Every request is verified before processing.
  • The extension shares your authenticated session securely.

Connecting Third-Party Integrations

Authentication to Crosscheck is separate from authentication to external services like Jira and ClickUp. Those integrations also use OAuth, but on a per-user basis — each workspace member connects their own Jira site or ClickUp workspace from the Integrations page in the sidebar. Connecting an integration only authorizes Crosscheck to create tasks on your behalf in that external service; it has no effect on how you sign in to Crosscheck itself.

Each connection can be re-authorized or removed from the same Integrations page using the menu next to Connected. Disconnecting an integration immediately invalidates the stored OAuth token.

After Your First Sign-Up

When you sign up for the first time, you will be guided through a short onboarding flow where you provide your first name, last name, and profession. This helps personalize your Crosscheck experience.

No Password Management
With passwordless auth, there is no password database to protect, no password reset flows to maintain, and no risk of credential stuffing or brute-force attacks against passwords.
Previous
DevTools Data Filtering
Next
Extension Not Working
Last updated: March 2026