Sign up for our newsletter (media.piefed.social)
all 31 comments
[-] undefined@lemmy.hogru.ch 79 points 1 month ago

“Magic email” login is the most stupid method to me. Yeah, just make it impossible to log in with my password manager. The average person probably has the weakest password for their email anyway so if a hacker has access to their account you just made it 100% easier for them to log in.

[-] kambusha@sh.itjust.works 30 points 1 month ago

It's to outsource the security risk/liability to a third-party

[-] undefined@lemmy.hogru.ch 7 points 1 month ago

Even though I can’t stand “log in with…”-style logins I’d still take that over the stupid link.

[-] brygphilomena@lemmy.dbzer0.com 6 points 1 month ago

Oh yea. 100%. You can't have your vibe coded insecure supabase user database stolen with plaintext creds if you don't store user creds in the first place.

[-] ShrimpCurler@lemmy.dbzer0.com 1 points 1 month ago

Well that's definitely the lesser of two evils

[-] JensSpahnpasta@feddit.org 10 points 1 month ago

It's one of those dark patterns that prevents account sharing. So if you use a magic email login, nobody can share their account with their family & friends and everybody has to pay. Profit!

[-] undefined@lemmy.hogru.ch 1 points 1 month ago

laughs in Sieve filter

[-] Amir@lemmy.ml 1 points 1 month ago

You can just automate forwarding those login emails, no?

[-] Zorcron@lemmy.zip 9 points 1 month ago

I mean if your email is compromised, most of your accounts can have their passwords reset, no? So it’s basically the same as resetting your password every time you log in. Dumb, I agree, but surely not worse from a security standpoint, right?

[-] Pyro@pawb.social 8 points 1 month ago

Fully agree, it's almost security theater.

They need to offer a way for use with a password manager, maybe a slightly hidden option or detecting a really long password to stop all the extra bits.

I forgot what the service was but it will have my user and pass, prompt the email verify, and then it will ask for the token generated in an Auth app.

At a certain point the proper user probably can't get in

[-] Clent@lemmy.dbzer0.com 3 points 1 month ago
[-] Pyro@pawb.social 2 points 1 month ago

Yes, for the last Auth they had me use TOTP.

Thanks, still having my morning drink and forgot the name when I replied.

[-] Fiery@lemmy.dbzer0.com 6 points 1 month ago

To be fair basically all services allow resetting passwords via email so even without the magic email link they'd be fucked anyways if their email got hacked.

[-] snek_boi@lemmy.ml 26 points 1 month ago

This, exactly, stopped me from subscribing to a service last night

[-] HollowNaught@lemmy.world 25 points 1 month ago

My biggest annoyance with these processes is when they ask for your user name (loading...) then take you to a different page to ask for your password (loading...)

Like, just stick them on the same page, it's an annoyance for the sake of trying to get us to use auto sign in

[-] Jako302@feddit.org 13 points 1 month ago

> it's an annoyance for the sake of trying to get us to use auto sign in

Not really, that's more in the realm of incompetence than malice. It's basically the cheapest and fastest way to implement multiple different log in methods within one login page.

Let's say you have Google login, Facebook login, SSO (corporate single sign-on), Email/SMS codes and good old password and username. The easiest option would be to just put a different login button for each of these and be done with it. That works as long as your users know what type they should use.

But once you have a user that doesn't know what he should use you need a backup login that always works. That's what the standard login button is used for nowadays. When you put in your username/Email it checks the associated login method for that account and redirects you to the correct login page. That way multiple login methods can be accessed with the same starting page.

Sure, it's mildly annoying for people that use normal passwords, but considering that the overwhelming majority of people either use Google sign in or just stay logged in, it's a very easy decision to make for the developers.

[-] TheEighthDoctor@lemmy.zip 24 points 1 month ago

It's especially good when you already have an account but accidentally press the Google button and then it creates a duplicate account with the same email and breaks the login for your regular email.
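
The identifier-first lookup and the duplicate-account failure described in the comments above, as an added example that is not part of the thread or any site's real code. `AccountStore`, `route_login`, `federated_sign_in` and `confirm_link` are hypothetical names; matching on the email alone is a simplification (a production system would also key the link on the provider's stable subject identifier).

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    id: int
    email: str
    methods: set = field(default_factory=set)  # e.g. {"password", "google"}


class AccountStore:
    """In-memory stand-in for a user table keyed on normalized email."""

    def __init__(self):
        self.by_email = {}

    def find(self, email):
        return self.by_email.get(email.strip().lower())

    def create(self, email, method):
        acct = Account(len(self.by_email) + 1, email.strip().lower(), {method})
        self.by_email[acct.email] = acct
        return acct


def route_login(store, email):
    """Identifier-first step: which login pages apply to this address."""
    acct = store.find(email)
    return sorted(acct.methods) if acct else ["password"]


def federated_sign_in(store, provider, email, email_verified):
    """Handle a provider callback without forking an existing account."""
    if not email_verified:
        raise PermissionError("provider has not verified this address")
    acct = store.find(email)
    if acct is None:
        return store.create(email, provider), "created"
    if provider in acct.methods:
        return acct, "signed_in"
    # Address already registered with another method: no second account,
    # no silent takeover. The user must first prove the existing method.
    return acct, "link_required"


def confirm_link(acct, provider, proved_existing_method):
    """Attach the provider once the existing login method has been proven."""
    if not proved_existing_method:
        raise PermissionError("existing login method not proven")
    acct.methods.add(provider)
    return acct
```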

[-] tiramichu@sh.itjust.works 11 points 1 month ago

Who needs 'vibe coding' when people have been building half-broken shit the old-fashioned way for years?

[-] Arigion@feddit.org 3 points 1 month ago

Guess on which code the vibe coding models were mostly trained....

[-] ICastFist@programming.dev 2 points 1 month ago

Vice coding exists so you can break more shit faster

[-] LogicalDrivel@sopuli.xyz 16 points 1 month ago* (last edited 1 month ago)


I got this yesterday after signing back in to my Google account. Like fuck off, Google, I know you already know my address. It's just for those "ads purposes" they try to sneak in the bottom there.

[-] Remember_the_tooth@lemmy.world 11 points 1 month ago
[-] ChaoticNeutralCzech@feddit.org 9 points 1 month ago

My sister told me she had problems recovering her password. The page said "email address not registered" when she tried that but "email address in use" when she tried to create a new account. She eventually tried "Sign in with Google" (it was a Gmail address), which led to a permission page, making it seem like she was setting up a new connected service to the account. She went through with it and saw her profile page with all her details, history and credits. By the time she navigated to another page, her account had been reset to a new one with nothing but an email address... The service admins did have a backup though and restored the account.

And I remember a site that would show you your password in account details, and did not even support https... in 2011 up to fucking 2015. Gaining control of all 300,000+ accounts (not hard if the backend's security was as strong as it seems to have been) would not have been valuable itself (users could not interact, the site was basically a quiz game with a leaderboard akin to freerice.com) but it was for children 6-18, most of whom would reuse passwords. And it was designed by CDI.cz, a major web design agency with high-profile Czech clients including the post office, a top 3 telecom, a major health insurance provider and the national railway company...

[-] RedGreenBlue@lemmy.zip 6 points 1 month ago* (last edited 1 month ago)

After the age check laws take effect, you won't need to log in. They will know who you are.

You only have to type the url in your browser's address bar and you will receive your obligatory bone sampling kit in your mail box the next day.

[-] maplesaga@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

Buy the Google stock, average people don't give a flying shark about privacy.

[-] davidagain@lemmy.world 5 points 1 month ago

This kind of thing really thoroughly gets on my nerves.

[-] TypFaffke@feddit.org 4 points 1 month ago

Why won't you give it your bones???

[-] ExLisper@lemmy.curiana.net 2 points 1 month ago

I wonder if it's because some usage statistics tell those sites that 99% of users visiting the site are already logged in and the only case someone is not logged in is when they don't have an account yet or if they are just stupid.

[-] Epzillon@lemmy.world 2 points 1 month ago

As a web developer I simply have to tell you that this clearly superior web design is the only thing I ever implement. You have to understand the maximized convenience this workflow gives the user and the UX implementation for this makes the login experience flawlessly seamless without any hiccups. /s

Jokes aside. How the fuck did we even get here? 

[-] Imgonnatrythis@sh.itjust.works 1 points 1 month ago

Deviant art?? This is not July of 2025 for sure

this post was submitted on 15 Mar 2026
813 points (100.0% liked)

Microblog Memes
