by BiteCode_dev 2283 days ago
I see many problems with that:

- if you change your email address, or have any problem with it (oops, Google has blocked you again!), you can't log in. Have been bitten by this when myopera.com closed and I couldn't access my old email. I lost some accounts.

- emails are clear text, so bots can intercept a login link and use it

- if you want to share the account with somebody, you gotta give them access to your email

- I don't want my inbox to be polluted by 15 login emails every day

- using my password manager is much faster than doing this

2 comments

We always include a backup code in the email you can manually paste in.

Do you need to login to things repeatedly? I mean, sure your bank... but what else do you log out of?

You and I use a password manager... but are they mainstream? My parents sure don't

> We always include a backup code in the email you can manually paste in.

It's going to help me with any of that. Can't access backup code if email is closed. Won't prevent bot from stealing the account. Won't help me with sharing the account, I'm not going to give the backup code to the person every time they need to login.

> Do you need to login to things repeatedly? I mean, sure your bank... but what else do you log out of?

Banks. Stuff for which you have several accounts on the same service (I have 11 email accounts, 4 GitHub accounts, 3 HN accounts, 3 Reddit accounts). A lot of people have at least 2 fb accounts, one official and one personal, and most of them don't know about browser containers.

> You and I use a password manager... but are they mainstream? My parents sure don't

No, and I expect they will never be. Auth is not a solved problem.

But email links are not the solution. At best, one login option, and a good way to start off.

Password auth should always be offered. It's the most neutral, balanced, resilient, privacy friendly, interoperable stuff we have for now.

Thanks for sharing, lots of good thoughts.

I definitely don’t use this method for security conscious content / apps. Mostly for simple stuff with minimal to no private content.

Also... can you expand on ‘bots can intercept a login link?’

You would have to be actively engaged with a ‘man in the middle’ for this to be an issue. Am I missing something?

Same reason people push for HTTPS everywhere.