[Gigachad]

To be safe the link can load a page with a form / button that says confirm the login.

[layer8]

Some people will still click the button because they expect it will give them more information about why they received the link. You can add text along the lines of “authorize login on $other_device”, but it’s still risky.