
51 points | figassis | 3 comments

Click login, get sent an email link that you have to first wait to be delivered (sometimes takes a full minute, sometimes you have to resend the link).

Sometimes the link goes to spam, sometimes you have to search for it like a needle in a haystack of other notifications.

Sometimes you are not logged into your email on that device, or it's a small screen that makes it a pain.

Maybe it's my mother, and she now has to go find where she wrote down her email password because she still can't figure out that 1Password thing I set up for her. Also, she does not have 1Password on this computer (maybe it's a public library).

All this pain because a developer did not want to bother with authentication.

Many, many products are like this nowadays, but the worst offenders are developer tools and OSS projects, and it looks like the justification is just that: they just wanted to scratch their itch of a specific feature, so why bother with auth when there is Google?

Am I crazy?

figassis No.43684713
Thanks for the comments. This is a strange feeling. I rarely feel so at odds with the general opinion.

My experience is, passwords are a 1 second affair: open website, tap credential highlighted by password manager, trigger Face/Touch ID or whatever exists on Android/Windows, done.

Email experience: open website, click login, get some link, go to another app, wait for it to pull emails, look for email, open email, click link, opens in browser, maybe not the same browser where you opened the app, so go back and copy link, realize copying links from email buttons is not easy on mobile, finally log in.

If this is where you guys want this to go, it sucks. How can we improve it? Maybe we need to implement some way to do what Apple does when you get a 2FA code via SMS? It just shows it to you in app instead of having you open the Messages app?

replies(3): >>43685679 #>>43685932 #>>43720245 #
1. medhir No.43685932
We have passkeys… unfortunately it doesn’t seem like the narrative really took hold in the mainstream.

I’ve been building an app with passkey auth as the default and people are surprised that such an experience exists.

replies(1): >>43690691 #
2. coldtrait No.43690691
Can you explain what stack you use to build it? Do all of them support it easily?
replies(1): >>43730766 #
3. medhir No.43730766
I’m using Keycloak as my auth server. Took a bit to figure out the configuration necessary.

Tbh I don’t feel like most providers (including Keycloak) are offering strong, turn-key solutions for this.

The closest I saw to streamlined passkey support that you can host yourself is from Hanko.io. That provider didn’t work for my use case, but it's something to consider.