(no title)

But... ignoring the potential security issue of trusting your email, which (like your post points out) most forgot-password routes do anyway, you then get onto usability.

Turns out some of our users really hated it, and couldn't get their heads around it. Including some key members of our snr. management team. Slack IIRC was originally magic-link only, but then reversed course later, and tbh -- even I find it frustrating when using it with my banking app. It's way slower than just having 1Password fill in the user/pwd details for me – as has been pointed out, it adds a cumbersome second step.

That said, I think it still has a place for places where the user won't necessarily need/want to create a "full account" but you can use it to at least do some email validation. Then if they want an account later, you can simply turn this "shadow" account into a full one by letting the user set a password, as that's really the only difference.