I'm developing a niche Chrome extension that I'll be charging for, and I want to ensure my website handles payment and user access securely. To minimize risks associated with sensitive data, I'm considering implementing a login method that relies solely on a one-time code sent to users' email instead of traditional passwords. Would it be practical to provide just this option, or should I make this the default while also allowing users the choice to log in with email and password?
5 Answers
For your situation, I think going with email codes could make sense. The only times I find it annoying are with certain fast food reward programs that require email logins for what feels like no reason. Still, there's a security justification behind it, even if it's a bit overboard.
If you’re catering to a general audience rather than tech-savvy folks, they might appreciate skipping the password step altogether. You could set up a hybrid system that remembers devices to make it less of a hassle.
I find email codes incredibly annoying, especially when they expire quickly. If the email is delayed, I could be locked out for a while. I prefer traditional logins, but some people find skipping passwords more user-friendly.
Honestly, I find it acceptable as long as the email autofills the code on iOS. But having to click a link instead of just entering a code can really get under my skin. I'd much rather use my password manager without interruptions.
Using just email for login seems risky to me. Email isn’t very secure, so I’d advocate for using stronger options like TOTP (Time-Based One-Time Password). If a user’s email gets compromised, it can dismantle this whole code strategy.
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads