51 points figassis | 1 comments

Click login, get sent an email link that you have to first wait to be delivered (sometimes takes a full minute, sometimes you have to resend the link).

Sometimes the link goes to spam, sometimes you have to search for it like a needle in a haystack of other notifications.

Sometimes you are not logged into your email on that device, or it's a small screen that makes it a pain.

Maybe it's my mother, and she now has to go find where she wrote down her email password because she still can't figure out that 1Password thing I set up for her. Also, she does not have 1Password on this computer (maybe it's a public library).

All this pain because a developer did not want to bother with authentication.

Many, many products are like this nowadays, but the worst offenders are developer tools and OSS projects, and it looks like the justification is just that: they just wanted to scratch their itch of a specific feature; why bother with auth when there is Google?

Am I crazy?

1. theGeatZhopa No.43680791
I think it's more than convenient to click on a link and be logged in. No account creation, no risk of leaking hashes/pwds/info. I don't have to remember what password is used where (minimizing the risk of one big password for all sites), no monolithic mammoth-authentication-systems with single/multiple points of failure, no auth-gate-keepers.

The problems with passwords you mention are valid. But the same situation will happen for authentication - your mom can't remember her email account's pwd, but then you want her to remember Facebook, Google and all the other services' pwds?? Just think about where the difference is between "remember email pwd" and "remember 1Password pwd"?? Absolutely no difference.

So, while I understand your points, I'm thinking magic links are the easiest, failure-proof and user-friendly way to verify the user.

Another point is: onboarding is very fast. The new user doesn't even need to bother with input of pwds, verification, etc ...

For me:

Please, no account creation in the old style. Give me magic links. Implement a 2nd factor to check, if necessary - but just let them passwords dieeeeee