Passwordless Email Logins
The cluster discusses replacing traditional passwords with email-based magic links or one-time authentication tokens for website logins, weighing benefits like reduced password management against drawbacks such as user friction, email dependency, and security concerns.
Sample Comments
Why not get rid of passwords completely and just send a link to log in to the user's email address?
I recently joined a website that did away with passwords; the only way to log in was to enter your email address and confirm by pressing a link in the email. While this adds a pain point for customers, it offloads most security implications onto the email provider.
Why not ditch passwords altogether and only do magic-link logins via email a la slack?
Complex situations:
- I'm logging in from a new computer. Maybe a computer I don't trust enough to log in to my email (which controls nearly everything, as you note). Not all services are that important or need the same level of care as email.
- I'm a user that has greylisting enabled on my mail server, potentially delaying the email for several minutes.
Confusing:
- I'm a user that has never seen/used this authentication workflow. While user/pass is annoyin
Something very similar is used by Slack, Medium (also Discord and Quora, iirc), wherein they just send you an email with a link. You click on it, are logged in, cookies set and all that jazz. I hate it, however. Quoting from another HN comment of mine: It's _not_ convenient in many cases, such as if you're using an incognito/private window, or on a friend's computer, school PCs, don't have access to email, etc. I much prefer the traditional username+password system
would requiring a un/pw sent to an email address work?
Passwordless logins through email should be an option, not the only method.
I’ve seen sites that cut out the forgotten password step, or passwords entirely… email is the authentication.
1. Type in email address
2. Get sent an email with code
3. Enter code to login
While I can understand why someone might do this, as someone with multiple emails I kind of hate it. I had to add it to my password manager with the email and a note, so I remember which one to use and it’s not missing a password.
Authentication on most of the web is directly connected with an email address. If you have access to an account's email, then you can have access to the account. Since most people have their email always open, or at least a click or two away from being open, why not skip the password creation altogether? Users are presented with an email field and a button saying something like, "Send me a key to login". An email is sent that contains a direct login link with a temporary token. Login t
I run a small B2C app. Users sign up with their email address only, a password field isn't even present. This creates the account and logs in the user "indefinitely" on this device. If they ever need to login on another device, they can request a new password. This way, this removes a) signup friction and b) weak passwords, because most people never need to login on another device anyways.