Thanks for the writeup, but I'd recommend people not use magic links, especially if they control access to paid features/finances.
This is because magic links are in essence sending user's password (or its hash) back to them in email, so a login page can be pre-filled. Emails are notoriously lacking in the encryption department (sent between servers without SSL).
A quick google search shows that some sort of authenticator app is much safer because it reaps the benefits of two-factor security and would use encryption. auth0.com/blog/is-passwordless-aut...
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks for the writeup, but I'd recommend people not use magic links, especially if they control access to paid features/finances.
This is because magic links are in essence sending user's password (or its hash) back to them in email, so a login page can be pre-filled. Emails are notoriously lacking in the encryption department (sent between servers without SSL).
A quick google search shows that some sort of authenticator app is much safer because it reaps the benefits of two-factor security and would use encryption. auth0.com/blog/is-passwordless-aut...