Sean CoatesThis increasingly-popular pattern of “you don’t have a password, we’ll just email you a token each time you log in” is truly obnoxious for those of us who have a good password/security practice.
Paul Reinheimer@sean I'm trying to get stuff done now. Not in 6 minutes when our mail servers have decided to be friends.
@preinheimer I’m digging through a giant pile of email from when I was out of the office, and you just made me look in a different place for your dumb token when I literally have a button in my browser that would have completed this seamlessly 6 minutes ago.
@sean New Account flow suggestion: Please enter your password.
Option 1. User enters a new character every few seconds, or it's a dog's name.
Hey, would you rather not have a password, we could just send you a link!
Option 2. 32 characters are pasted instantly.
Would you like to set up 2FA? We support all FIDO2, U2F, and OpenPHP keys.