I applaud the initiative, since it removes the couple steps it takes a user to reset their password via "Forgot password" flows. However, this type of auth should really be self-hosted or baked into the most popular frameworks, instead of provided by (yet) another third party you'd have to trust with your users' email address (at the very least).
I applaud the initiative, since it removes the couple steps it takes a user to reset their password via "Forgot password" flows. However, this type of auth should really be self-hosted or baked into the most popular frameworks, instead of provided by (yet) another third party you'd have to trust with your users' email address (at the very least).