1. Password managers often don't auto-fill the email/phone field.
2. Have to context switch to my email client.
3. The email often takes a little to arrive. Some services have truly awful delivery time. This can be managed if you send your own email but few people do.
4. In most cases you can just click the link then. But it becomes annoying if you want to open in a private tab/container tab/different browser/different device.
5. Even if it preserves your destination (it probably didn't) you now have the original tab lying around to clean up.
It is probably the best solution if you can't/won't do real MFA.
Changing passwords relies on mail 99% of the time anyway. So if you are using mail+password to authenticate, you are basically doing magic links with extra steps.
Yes. For some people product owners don’t want to hear this. If having access to email means you can access the account then don’t prance around that with complicated recovery steps.
1. Password managers often don't auto-fill the email/phone field.
2. Have to context switch to my email client.
3. The email often takes a little to arrive. Some services have truly awful delivery time. This can be managed if you send your own email but few people do.
4. In most cases you can just click the link then. But it becomes annoying if you want to open in a private tab/container tab/different browser/different device.
5. Even if it preserves your destination (it probably didn't) you now have the original tab lying around to clean up.
Compare this to username+password
1. Click login button. (Username + password already filled by password manager)
Changing passwords relies on mail 99% of the time anyway. So if you are using mail+password to authenticate, you are basically doing magic links with extra steps.