“Magic email” login is the most stupid method to me. Yeah, just make it impossible to log in with my password manager. The average person probably has the weakest password for their email anyway so if a hacker has access to their account you just made it 100% easier for them to log in.

Fully agree, it’s almost security theater.

They need to offer a way for use with a password manager, maybe a slightly hidden option or detecting a really long password to stop all the extra bits.

I forgot what the service was but it will have my user and pass, prompt the email verify, and then it will ask for the token generated in an Auth app.

At a certain point the proper user probably can’t get in

Are you talking about TOTP?