DEV Community

Palomino for Logto

Posted on • Originally published at blog.logto.io

Is magic link sign-in dying? A closer look at its declining popularity

Magic link sign-in is a convenient and secure way to authenticate users. However, its popularity has been declining in recent years. Let's explore the reasons behind this trend and discuss the future of magic link sign-in.

Image description

Background

Magic link sign-in has long been hailed as a secure and user-friendly way to authenticate users without passwords. By sending a unique link to the user's email address, magic link sign-in eliminates the need for users to remember complex passwords and provides an additional layer of security.

However, in recent years, the popularity of magic link sign-in has been on the decline. Many products that once offered magic link sign-in as an authentication option have switched to other methods, such as social sign-in or biometric authentication (fingerprint or face recognition), and one-time passwords (OTP).

Couple days ago, I saw someone tweeted that "Magic links are the worst log-in experience ever." And many people agreed and shared their own frustrated experiences with magic link sign-in.

So I began to wonder: why is magic link sign-in falling out of favor?

What is magic link sign-in?

For those unfamiliar with magic link, here's a brief overview of how it works:

  1. The user enters their email address on the sign-in page.
  2. The server generates a unique token and sends it to the user's email address.
  3. The user clicks on the link in the email, which contains the token.
  4. A browser window opens, and the user is automatically logged in.
  5. For mobile app users, there will be a button on the mobile browser to help navigate them back to the mobile app.

Why people like magic link?

Magic link sign-in offers several advantages over traditional password-based authentication methods:

  1. Easy to use: No need to remember complex passwords.
  2. Secure: Reduces the risk of password-related hacks like phishing or brute-force attacks.
  3. Simple: Good for people who struggling with technology and password management.

It used to be a popular choice for companies looking to provide a seamless and secure authentication experience for their users. But why are there complaints about it now?

The hassle of switching apps

One big reason people don't like magic link any more is that it makes you switch between apps. Imagine you're on a mobile app and you want to sign in. After inputting your email, you will have to switch between the app, your mail app, and the browser, and finally if everything goes well then thank god you're back to the app.

This can be annoying and time-consuming, especially if you're in a hurry or have a slow internet connection. Not to mention sometimes the email just doesn't arrive, or it goes to the spam folder. Those extra steps can easily frustrate users and make them less likely to choose this sign-in method or even use the app.

The rise of other passwordless sign-in methods

Another reason for the decline in magic link sign-in popularity is the rise of other passwordless authentication methods. For example:

  • Biometric authentication has become increasingly popular due to its convenience and security.
  • Social sign-in that allows users to sign in using their existing social media accounts, is another popular alternative to traditional password-based authentication.
  • OTP, which sends a one-time code to the user's phone or email, is also a widely used method, especially when mobile phones can autofill the OTP code for you now.

Password managers and autofill

Password managers, such as 1password, web browsers, etc., have also played a role in the decline of magic link sign-in.

With these password managers, users can securely store and autofill their passwords across different websites and apps, eliminating the need to remember or manually enter passwords. Especially when combined with biometric authentication, the overall user experience is more and more seamless.

The verdict: Is magic link sign-in dying?

While magic link sign-in is still used by many companies, it's definitely facing tough competition and may struggle to stay relevant in the fast-changing world of online security. Do you still remember last time you used magic link to sign in? I honestly don't. So for me and many others, it seems it's indeed dying.

What is your take on this? What is your favorite sign-in method and why? Please feel free to share your thoughts with us.

Try Logto Cloud for free

Top comments (2)

Collapse
 
janmpeterka profile image
Jan Peterka

I'm struggling with this as a developer - it would be super convenient for me to use magic link - no need to manage passwords and such.

For me, the biggest reason not to rely only on magic link is that it relies on mails, and these are trouble:

  • we faced being labeled as spam account multiple times, preventing us to send any mails for hours
  • mails get lost, get send to spam, may have unreasonable delays

So, for that reason I stick with username/password as main way, and some complementing options - OAuth (convenient, but relying on some 3rd party), passkeys (quite non-mature, not always working), possibly magic link.

Collapse
 
charieszhao profile image
Charles Zhao

What you said is quite true. Emails are likely to be categorized into spam if the mail template looks "suspicious". Even if it's not, waiting for the email or SMS can be quite annoying, not to mention sometimes the service is unstable and you have to try multiple times before being able to manually input the code into the original app...
I think this explains why nowadays more people prefer social sign-in.
But username + password will never die, IMOH.