Good riddance to Auth0 and social logins
bitbytebit.substack.comUgh, I hate magic links.
1. Password managers often don't auto-fill the email/phone field.
2. Have to context switch to my email client.
3. The email often takes a little to arrive. Some services have truly awful delivery time. This can be managed if you send your own email but few people do.
4. In most cases you can just click the link then. But it becomes annoying if you want to open in a private tab/container tab/different browser/different device.
5. Even if it preserves your destination (it probably didn't) you now have the original tab lying around to clean up.
Compare this to username+password
1. Click login button. (Username + password already filled by password manager)
Hey, I see your point. It hasn't been an issue for me, mostly because 95% of users leave the "Keep me signed in" on.
The email arriving thing was a real problem, but I solved it by having a dedicated IP for transactional emails which has a reputation of 99% so it stopped being an issue.
Yeah, long login sessions makes most login flows excusable :)
It is probably the best solution if you can't/won't do real MFA.
Changing passwords relies on mail 99% of the time anyway. So if you are using mail+password to authenticate, you are basically doing magic links with extra steps.
Yes. For some people product owners don’t want to hear this. If having access to email means you can access the account then don’t prance around that with complicated recovery steps.