Sometimes the link goes to spam, sometimes you have to search for it like a needle in a haystack of other notifications.
Sometimes you are not logged into your email on that device, or it's a small screen that makes it a pain.
Maybe it's my mother, and she now has to go find where she wrote down her email password because she still can't figure out that 1Password thing I setup for her. Also, she does not have 1Password on this computer (maybe it's a public library).
All this pain because a developer did not want to bother with authentication.
Many, many products are like this nowadays, but the worst offenders are developer tools and OSS projects, and looks like the justification is just that, they just wanted to scratch their itch of a specific feature, why bother with auth when there is google.
Am I crazy?
- People tend to use bad passwords
- People tend to forget passwords (you need to write whole password recovery, etc)
- You always have your smartphone with email close to you
- It's way easier than 2FA with Authenticator and cheaper than SMS
- You limit password sharing for your service
But it isn’t better for the user of the service.