by BiteCode_dev 2283 days ago
> We always include a backup code in the email you can manually paste in.

It's going to help me with any of that. Can't access backup code if email is closed. Won't prevent bot from stealing the account. Won't help me with sharing the account, I'm not going to give the backup code to the person every time they need to login.

> Do you need to login to things repeatedly? I mean, sure your bank... but what else do you log out of?

Banks. Stuff for which you have several accounts on the same service (I have 11 email accounts, 4 github accounts, 3 HN accounts, 3 reddit accounts). A lot of people have at least 2 fb accounts, one official and one personal, and most of them don't know about browser containers.

> You and I use a password manager... but are they mainstream? My parents sure don't

No, and I expect they will never be. Auth is not a solved problem.

But email links are not the solution. At best, one login option, and a good way to start off.

Password auth should always be offered. It's the most neutral, balanced, resilient, privacy-friendly, interoperable stuff we have for now.

1 comments

Thanks for sharing, lots of good thoughts.

I definitely don’t use this method for security-conscious content / apps. Mostly for simple stuff with minimal to no private content.