|
|
|
|
|
|
by jitl
1935 days ago
|
|
|
I think magic links can be quite secure, and for spike.sh most users will have a company provided and company managed email account. There are also techniques to make magic links more secure, like pinning them to the browser/device that requested the log-in using a cookie. I think passwordless-only is a bad call for the consumer market. Notion ran passwordless for years but we dealt with constant issues of users losing access to their email and having no (easy for them) way to prove ownership of the related Notion account. We switched to normal password accounts. |
|
|