undefined | Better HN

0 pointsklabb33y ago0 comments

> It's about both parties having agreed _at least once_ on a way for the service to communicate important stuff to you.

Exactly. And the most important thing is password reset, because users forgetting passwords is the one true constant in the universe. Even if I'm not planning to spam you with newsletter crap, I'm still going to ask for your email just for this reason, otherwise I will get inf support tickets about lost accounts and worse, users who just give up.

It helps thinking of the pw reset flow as the true persistent identity/login and password is simply a shorthand. Magic links have virtually identitical security. With just marginally better end-to-end UX, the majority of users would prefer it. (For instance, note the iOS 2fa through text messages, that automatically scrapes the confirmation code and offers to insert it, without leaving the app).

0 comments

1 comments · 1 top-level

nmz3y ago

With this method, it seems to me the entire user registration information would be in your Sent folder. So forgetting the password should be more difficult. Though you would still need to reset a password.

1 more reply

j / k navigate · click thread line to collapse