[woodall]

Not if the link can time-out or expire after X [days, minutes, seconds, ect]. When I think of emailing my self the password, I think of storing it in plain text in my email account. When I think of authentication via email I think of a one time use link that allows me to log into a session.

[repsilat]

Email is sent in plaintext. It'd be easy enough for an attacker to request an email authentication (which it then sniffs in transit). Expiry time doesn't help much.

Email auth really should be done as Joakal says - your public key stored on their server when you sign up, email auth is encrypted. Trouble is, it's "too hard" for "normal people". If gmail/outlook etc supported it, though, it could catch on.

[Cushman]

We're starting out from the position that my email is the keys to my digital castle... good or bad as that may be, if someone can reliably sniff my email in transit they already own my life.