Hey friends So I am working on a rewrite of my website can see downs.com and one thing that I'm adding is user accounts so you can set up an account and I'm not going to tell you why you might want to do that. I have a little bit of a surprise.
But the reason that I mentioned this is because I'm using Firebase authentication and I started out with the username and password regular old username password sort of thing that you're used to. And it worked pretty well. I had a password reset. I had forgot my password. I had changed password and updated email all that stuff was all implemented butIn as I was working on all of this I started to I think personally I actually really like the magic link for stuff because for various reasons it's it's incredibly more secure.
So like if I were to have a data breach which of course, it wouldn't be me it would be Firebase I would have the data breach. So, I'm not really worried about that. But if that were to happen or rather for services that I use I prefer and that they use magical links because if they were to have a data breach all that's lost is my email address, which is,Everywhere There's nothing secret or private about my email address.
They wouldn't be able to get my password. And I do use a password manager, but I wouldn't need most lots of my family doesn't use password managers. They have either some sort of algorithm. They've come up with for generating passwords, which I used to do actually or they have they just reuse passwords or whatever.
And so data breaches don't reveal any passwords of any kind. And so that's it's way more secure in that way. Because there's just no data to lose. But,The other nice thing about this is or or the like the biggest concern that people have with this as well. I do use a password manager and if you don't have a password then I can't put you in my password manager.
And no, that is false. You can definitely create a an email only entry in your password manager. And the reason that you'd want to do this is if you have multiple email addresses, or you use email aliases or something. Sometimes you can forget which email you use for a given service.
So you just add an entry to that email or password.With the email that you use and just don't have a password. And then it makes the implementation way easier as well. So there's no need to worry about password reset or or securing the password or changing the password or any of that.
So like forgot my password all that stuff just goes away. So you can get rid of a ton of complexity just by eliminating the password. So I am all in on magic links. I think that they're great and if you don't log people out automatically after a couple days then or you keep them logged in for a month or so.
Then,There's no problem with the user experience either. Have a good day.