Is Email-Based Login with One-Time Codes a Good Idea?

For your use case, switching to email codes makes a lot of sense. The annoying part for me is when fast food reward programs use email logins or 2FA just to access some coupons. I totally get wanting to cut down on risks, especially with stolen passwords being such a major issue lately.

I think passwordless logins through an email code can be efficient, especially for low-stakes applications. Just ensure that users have a way to remember their session or 'remember this device' feature to reduce friction over time. Users hate the extra steps, and reducing those can help improve the experience!

I absolutely despise those magic link emails! They take forever, are prone to phishing, and disrupt the flow of logging in. I’d prefer sticking with traditional usernames and passwords, or at least provide both options. Give me the choice to login in a way that works for me!

It really depends on the user's tech-savviness. If you’re targeting developers, they’ll likely be frustrated and prefer something they can autofill with their password manager. For average users who might struggle with remembering passwords, an email OTP could be welcomed. Offering both options could cover more ground.

Honestly, receiving a code can be maddening, especially when emails get delayed. But if it’s just a casual tool and not dealing with sensitive info like banking, people may not mind as much. A smoother experience could come from using magic links instead, which simplifies the login process by letting users click a link rather than inputting a code.