For the love of all things holy: I know the idea that 'passwords are dead' is a hip and trendy UX idea, but the reality is far from this.
I am currently dealing with a platform that I need to use daily that doesn't, and it is the pits.
To log in, it's a 6-digit PIN sent to a plain text email every time your session expires. This PIN lasts 10 minutes. Another 6-digit PIN for MFA, this time from your authenticator of choice.
In principle this is somewhat sound, although arguably, whatever APT has compromised my email account without me knowing it has logged in and has a full day's access in this model. That or my hypothetically abusive significant other, or other miscellaneous stalker with physical access to my device.
The usability problem is far less exotic though: I am just a busy, time-blind person.
I go to the platform, start the login process, get sideswiped by 17 Slack notifications. The email with the PIN is now expired, but I have no idea; to me, 30 seconds flew by (it was really 15 minutes).
This would all be so much simpler if I could just use my password manager of choice.
Seriously, what is so wrong with something I know?