Magic links offer a secure and intuitive authentication method by sending users a unique link via email. Upon clicking the link, users are redirected to the application’s endpoint for token verification and sign-in, eliminating the need for passwords.
Am I missing something? So if someone hacks my email they now have access to all of my accounts? No thanks.
Am I missing something? So if someone hacks my email they now have access to all of my accounts? No thanks.
If someone hacks your email you’re already fucked, since for most accounts all that’s required to do a password reset is having email access.
This is a API for Bitwarden Passwordless.dev, not for the Bitwarden password manager.
E:
Plenty of auth implementations that do stuff like this already, and like the other person said, if your email is compromised, you’re already fucked.