[onelovetwo]

Its an even bigger friction for users, essentially I have to login to another service to login to yours.

[Osiris]

Maybe they should offer a mobile app that works like microsoft and google where you get a notification and you click approve or deny on the phone. Basically, use traditional 2fa as the only factor instead of the second factor.

[pritambaral]

Another app is worse than another website.

[bogwog]

True, but I think most people are signed in to at least one email account on their phone, so in the ideal case it's as easy as two clicks: 1 to open the email notification, and 1 to click the magic link.

I wonder if it could be securely done with the web notifications API, to make it 1 click?

[jellicle]

Click on the service you want to log into, wait 30 seconds-10 minutes for email to arrive, THEN click on email and click on magic link.

[bombcar]

And end up clicking on it on the wrong device and now you’re logged in on your phone instead of the desktop.