Login forms in modals can provide a better UX as you can login on the current page, rather than clicking away to somewhere else. As long as there is still a URL-accessible login page somewhere.
And magic link auth can be smoother and more secure than using a password. Nothing to remember, reuse or forget. No being held hostage to the website's often crappy security policies.*
It outsources security to the user's inbox, but then so does password auth. A password reset email is just as vulnerable as a magic link email.
*It's infuriating, the number of websites I encounter where I can't use a strong generated password due to some bullshit rule. Seriously, no symbols in a password? Character limit? What??
It's a bit 'get off my lawn', this article.
Login forms in modals can provide a better UX as you can login on the current page, rather than clicking away to somewhere else. As long as there is still a URL-accessible login page somewhere.
And magic link auth can be smoother and more secure than using a password. Nothing to remember, reuse or forget. No being held hostage to the website's often crappy security policies.*
It outsources security to the user's inbox, but then so does password auth. A password reset email is just as vulnerable as a magic link email.
*It's infuriating, the number of websites I encounter where I can't use a strong generated password due to some bullshit rule. Seriously, no symbols in a password? Character limit? What??