↳
In-reply-to
»
@eaplmx CSS Battle has a passwordless login, I don't know the implementation but it basically send you and email where you click a link and you're in.
⤋ Read More
@prologic@twtxt.net well, not 100% right but it’s a valid assumption.
If you are able to reset your password by email, it’s a pretty similar level of security than receiving an access token by email. Anyone with access to your mail could get access to your accounts.
Adding a second factor of authentication could help, or using something with Public/Private cripto would be better, like Client Certs, Fido2 or even hipster things.
And also giving alerts that someone else is connected in your behalf is great (like is done for some banks or Google) , but that’s a UX compromise between convenience and security.