I'm not a fan of email + magic link. I know of two security gateways which "click" on the link to check to see if it ends up going to a known malicious website. So then the end user calls in a trouble ticket, because the login authorization page says their magic link is already expired (before they even got it).So for me, email + email OTP is the way to go.
No comments yet.