undefined | Better HN

0 pointssriku10mo ago0 comments

A while ago, I implemented a signin approach that looks similar to this "send a link/code" mode but (I believe) can't be exploited this way - https://sriku.org/blog/2017/04/29/forget-password/ - appreciate any thoughts on that.

Btw this predates passkeys which should perhaps be the way to go from now on.

0 comments

1 comments · 1 top-level

richardwhiuk10mo ago

One problem is you are requiring users to trust and click on a link in an email which is historically frowned upon. So you are undercutting phishing education.

j / k navigate · click thread line to collapse