[rst]

Quite a few standard password login flows have a "magic link" stream already, in the guise of password recovery -- enter your username on a link, click "forgot password", and get an email with a magic link allowing you to log in (after resetting the password). Which means the security model is not, in some cases, exactly what it appears to be...

[dataflow]

Those can be actually worse because you end up having to choose a different password every time, and you're probably not going to make it stronger every time you forget...

[thitcanh]

Use your browser’s password suggestion.

I haven’t picked a password in a couple of years.