←back to thread

Ask HN: Magic links are bad UX and make people's lives worse. Change my mind

51 points figassis | 4 comments | 14 Apr 25 12:32 UTC | HN request time: 0s | source

Click login, get sent an email link that you have to first wait to be delivered (sometimes takes a full minute, sometimes you have to resend the link).

Sometimes the link goes to spam, sometimes you have to search for it like a needle in a haystack of other notifications.

Sometimes you are not logged into your email on that device, or it's a small screen that makes it a pain.

Maybe it's my mother, and she now has to go find where she wrote down her email password because she still can't figure out that 1Password thing I setup for her. Also, she does not have 1Password on this computer (maybe it's a public library).

All this pain because a developer did not want to bother with authentication.

Many, many products are like this nowadays, but the worst offenders are developer tools and OSS projects, and looks like the justification is just that, they just wanted to scratch their itch of a specific feature, why bother with auth when there is google.

Am I crazy?

1. aosaigh ◴[14 Apr 25 12:48 UTC] No.43680710[source]
> Maybe it's my mother, and she now has to go find where she wrote down her email password because she still can't figure out that 1Password thing I setup for her. Also, she does not have 1Password on this computer (maybe it's a public library).

This is exactly the reason people use magic links - passwords are painful.

I generally don't mind having one or the other, so either password or magic link. What I can't stand is having both in the same login flow:

- Enter your email

- Get sent a magic link

- Open magic link

- Continue and enter your password

- Enter your 2FA as well

- Smash computer

replies(1): >>43681097 #
2. PaulHoule ◴[14 Apr 25 13:34 UTC] No.43681097[source]
Passwords aren’t painful if you have good tools for them such as password generator/managers, what is painful is all of the sites that break them by making you change your password periodically or requiring particularly obtuse sets of characters or prohibiting certain characters like ‘ or \ (if you have to confess that kind of malpractice just fire your IT already)
replies(1): >>43684686 #
3. iteria ◴[14 Apr 25 18:45 UTC] No.43684686[source]
I disagree. It's easier to get the non-technical in my life to remember one password than many. And most of them can't even manage that. I too have failed many times with 1password. It's literally one password and they can't remember it. It makes me understand why I keep seeing new email addresses: the moment their phone dies, they are out of luck because they don't remember their email passwords. At least magic link is one less password for them to forget.
replies(1): >>43701074 #
4. queenkjuul ◴[16 Apr 25 03:16 UTC] No.43701074{3}[source]
And when they can't log into the email to get their magic link because they don't know the password?

We're just moving the problem