by jsunderland323 1112 days ago
Magic links are great because they essentially eliminate ATO attacks and allow startups to bypass SAML requirements by delegating to the mail provider. I’m 100% willing to forgo efficiency gains of passwords and managers as both a user and developer.
2 comments

All you're doing is punting your security to my email provider. It's annoying how many companies assume I have absolute trust in my ISP/Google/Microsoft/IT.
> essentially eliminate ATO attacks

They kinda increase the blast radius of an ATO attack on your email account, though.

Replying too late, most likely. But with access to your email account someone could reset your password to what they want it to be and gain access.