[mjulian]

I love the product, but the login workflow is awful. Why innovate on logins? We've solved that problem.

Specifically, the login is a randomly-generated one-time code sent to your email address. Notion says this is more secure than them storing a username+password, but that's a dubious argument. They've also said this is two-factor auth (lolno). A side effect of this is that Notion is unusable on my mobile device since I have no email on it.

I really hope they implement a more traditional login system. Until then, I'm sticking with Evernote. :(

[lstamour]

They imply that the login is 2FA-protected because your email or Google account can be 2FA-protected, and they're piggybacking off that...

Having passwords means storing them correctly and still implementing some form of reset -- and if email is a weak point, they would have to 2FA prompt you to reset your password, or not use magic links, or handle such issues out-of-band. They're probably trying to avoid auth/password support by outsourcing this function to Google for the time being.

I agree though, the user experience that is hardest-hit by this is mobile, where iOS now supports much better integration with password managers than was allowed previously...

[SomeHacker44]

Thanks for telling me this. I will definitely avoid Notion now. I want a username/password combo at the very least, both different for every site I use, and preferably with TOTP as well. I never want my email to be used for security purposes as it is among the most hackable target out there.

[ex3ndr]

That very strange. If you don't have 2FA then you can just reset your password via hacked email.

[phponpcp]

Yeah dude someone might go through the trouble of hacking your email just so they can find your todo page with an unchecked checkbox for feeding your goldfish.

[dwaltrip]

You have no idea what they want to put in their Notion account. And so what if they want to have high security for something you deem trivial? You gain nothing by being an asshole about it.

[ukyrgf]

Ugh you reminded me why I never went all-in with Notion. Having to remember what email I signed up with every time I need to log in is super annoying (as it doesn't seem to trigger my browser's autofill dialogue).

[MattGrommes]

Yeah, Medium does this same thing and it makes me hate logging in so I'm rarely in the account I pay for. Especially since Medium makes you log in seemingly every few days.

[kjksf]

They also have a OAUTH login with google, which is the one I use.

But on the merits: not storing the password is safer than storing it so it's a valid claim.

And it is a 2fa mechanism to a tee (https://en.wikipedia.org/wiki/Multi-factor_authentication)

[wtmt]

> A side effect of this is that Notion is unusable on my mobile device since I have no email on it.

It’s unusable for me as well, but for a similar reason on the computer. When I’m on a computer, the last thing I want is to be forced to login to email for a code since I use web based email (which I don’t keep open all the time). Even if I were to use a desktop client, I wouldn’t have it kept open all the time.

These are “chores” added to the user experience.

[geekamongus]

Agreed. The login scenario has me highly dubious about going all-in with Notion.

[rickyc091]

I actually love their login, but it's not for the reason you would think. They expire the session very frequently which has been an annoyance for me, so log-in with the magic link has been faster than digging for the password through my manager.

[andrethegiant]

Digging? Doesn't your browser autofill it for you?

[wishinghand]

Slack tries to do this too. You have to click a few buttons to get the app to let you type in your username and password.