by jonahbenton 1269 days ago
An excellent women's soccer publication, Equalizer Soccer [1], which seems to use Memberful, has the authentication system I want EVERY non-critical publisher/app to use:

1. enter email address

2. email me a signin link

3. I click the link

4. I am in, on whatever device I am using

There is no password and no needed coordination with my password management.

It is glorious.

1. https://equalizersoccer.com/

4 comments

My employer (FusionAuth) has the same feature in our community edition and it's quite popular: https://fusionauth.io/docs/v1/tech/passwordless/magic-links

It is glorious from the user perspective, but there are actually some subtleties from the implementation perspective that caused us some grief.

First of all, you have email configuration and deliverability. The answer is to outsource it to a provider like Sendgrid, SES, or Mailgun.

Then, there's anti-phishing email software which can expire one-time tokens as it probes to prevent phishing attacks. More on how we built around that here: https://github.com/FusionAuth/fusionauth-issues/issues/629

You can implement this in about 10 lines with synced tab session management if you use Vercel's library.

https://authjs.dev/

Here is the token generation logic:

https://github.com/nextauthjs/next-auth/blob/main/packages/n...
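The sign-in flow from the original post, and the link-scanner problem raised in the comments, as an added example that is not part of any comment and is not FusionAuth's or Auth.js's code. It assumes one common mitigation (a GET only validates the token, and only a POST from a confirm button redeems it); the function names, the 15-minute lifetime and the `app.example` host are hypothetical.

```javascript
// Added example: single-use magic-link tokens that survive scanner prefetches.
const nodeCrypto = require("node:crypto");

const TTL_MS = 15 * 60 * 1000;   // assumed token lifetime
const pending = new Map();       // sha256(token) -> { email, expires }

// Store only a hash, so a leaked token table cannot be replayed as links.
const digest = (t) => nodeCrypto.createHash("sha256").update(String(t)).digest("hex");

// Steps 1-2: the user submits an email address and is mailed a link.
function issueLink(email, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  pending.set(digest(token), { email, expires: now + TTL_MS });
  return `https://app.example/signin?token=${token}`;       // placeholder host
}

// GET handler: this is what a mail scanner triggers when it probes the link.
// It reports validity (to render a "Confirm sign-in" page) and consumes nothing.
function handleGet(token, now = Date.now()) {
  const rec = pending.get(digest(token));
  return Boolean(rec && rec.expires > now);
}

// POST handler: reached when the user presses the confirm button.
// It is the only place a token is redeemed, and it redeems it exactly once.
function handlePost(token, now = Date.now()) {
  const key = digest(token);
  const rec = pending.get(key);
  if (!rec) return null;          // unknown or already used
  pending.delete(key);            // burn the token even when it has expired
  return rec.expires > now ? rec.email : null;
}

// Constructed walk-through: two scanner probes, one real sign-in, one replay.
function demo() {
  const token = new URL(issueLink("reader@example.com", 0)).searchParams.get("token");
  return {
    scannerProbe1: handleGet(token, 1000),
    scannerProbe2: handleGet(token, 2000),
    userSignIn: handlePost(token, 3000),
    replay: handlePost(token, 4000),
  };
}
```

If the token were redeemed in the GET handler instead, the first scanner probe would burn it and the user's own click would fail.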

Popeyes.com does the same. It's really convenient, and I appreciate not having to trust a chicken chain with anything more sensitive than my email address.

Substack also supports email sign-in,

https://substack.com/sign-in?redirect=%2F

...but they have the option of a password sign-in as well. It's really a good idea.