Hi HN, what do you think about auto login tokens in transactional emails? If the user has multiple devices (e.g. desktop at work, iPad at home) it's just very convenient. We also offer login with social accounts (e.g. Facebook, Google) but most of our users still register by email. What's your opinion?
I've seen a website without a password. To log in, you have to fill in your email address, and they send you an email with a one-time auto login token. It was great! But (because there is a "but") it was (I repeat) a *one-time* auto login token. If there was a forever auto login token, this mail might be lost, duplicated, or worse, compromised. The *one-time* auto login is "secured" in the way that you know you will have first access to this mail (mail is mostly unsafe) and the link worked. Advantage: only one password (double authenticated for several providers) for your mail.
As would be an OAuth connection. In a transactional mail? Muh... "transactional" means with an action, but commonly with a paid action, with private information like a credit card number... I will not feel safe if in the same email I have a confirmation that I have paid for something (i.e. advice about payment information is provided) and a link that allows the mail reader to get that information. Those were my 2 cents.