
Jared

👤 Person
4201 total appearances

Podcast Appearances

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

basically was like, I can't lose what I don't have. Sure. And I don't have any reason to store your password if I can get away with it. I had realized I had this little epiphany. I think other people were starting to realize this as well, that the forgot password flow is what most people end up doing when they don't visit a website very often.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

And our kind of website is the one where you're not going to visit all the time. Like you're going to come in, you know, subscribe, unsubscribe, comment. Once every couple of years, maybe. Yeah, exactly. Yeah. And so every time you come back, unless you live in password manager land, which admittedly a lot of our people do, you're doing the forgot password flow anyways.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

And so what if we just only did the forgot password flow? It's just as secure, only better because now I don't have to have passwords in my database anywhere ever. And there's just nothing I can lose. And that was basically the reason. And yeah. I still like it for that reason, but yeah, there are all kinds of little, like you said, sands in the gears that you run into with magic links.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

The most of which for us has been delayed email. It's just like, even if you get the email right away, it's a little bit slower than a password manager.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

It breaks the flow. It does break the flow just slightly, but it really breaks the flow if that email isn't delivered immediately and it's delayed two, three, five. Sometimes, you know, if things get circling up there in the ether and not landing 15 minutes, 30 minutes, now you're basically like, I can't sign into your website. We've had that issue over time for sure.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

able to do that post. That's exactly how I handled it as well. I had specifically, I think, Outlook, certain versions of Outlook or maybe Live 365, it's a Microsoft product. Well, yeah, will pre-click on links for you in order to do malware checks and blah, blah, blah. And so they would use, just the GET request would use that one-time password, and then you'd hit it yourself and it wouldn't work anymore because it's been used. And I had enough people complain about that over the years. I mean, we've been, it's been nine years.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

So, you know, we don't have that many Outlook users, but enough where like, I don't want anybody to have a bad experience. And so every time I'm like, for a while, I was like, please don't use crap software. No offense. That didn't work. And then I'm like, well, you can't, you can only say that a couple of times. And then like the sixth, seventh time, I'm like, I gotta solve this problem.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

It can't be that hard. And so it's like, well, I guess I just require JavaScript. You know, I just changed that to you land on the page and then the page itself does the post and that's what gets you in and that solved it. But again, one of those little wrinkles that you don't think about until it's deployed out there and people start to complain.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

Well, it's a one-time magic link. And so once it gets used, you don't want it to still work.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

Yeah, absolutely. It's just this balance between optimal security and usability, which is so hard to strike. And because everybody kind of wants to do it their own way. I mean, there's people who are like SSO for life, right? Like, just let me log in with my Google account. I'm actually the opposite. I don't want to use any of that junk.
