I need your point of view about a login method.
On pages.casa, I want to add the possibility to edit/create blog posts directly in the browser (simpler than FTP/SFTP file transfer).
To spare users from managing a password that could differ from their FTP/SFTP account, I'd like to propose logging in with a link sent by email:
- User opens the login page
- Enters her/his email associated with the account.
- System sends a one-shot login link valid for 20 minutes
- User opens the link in her/his browser and confirms to use it to connect.
- Access to the back-office is granted
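A minimal implementation of the flow described above, added here as an illustration (not code from pages.casa). It assumes an in-memory store, a caller that puts the returned token in the emailed URL, and a two-step redeem so that an email scanner fetching the link cannot burn the token before the user confirms:

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 20 * 60  # the 20-minute validity from the post


def _digest(token):
    # Only the hash is stored, so a leaked store does not yield usable login links.
    return hashlib.sha256(token.encode()).hexdigest()


class MagicLinkStore:
    """In-memory store for one-shot login tokens (assumption: a real site would use a DB)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (email, expires_at)

    def issue(self, email):
        """Create a single-use token for `email`; return the raw token to email to the user."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, unguessable
        self._pending[_digest(token)] = (email.lower(), self._now() + TOKEN_TTL_SECONDS)
        return token

    def peek(self, token):
        """Step 'user opens the link': validate WITHOUT consuming, so a GET by a
        link-preview bot or mail scanner cannot use up the token. Returns email or None."""
        key = _digest(token)
        entry = self._pending.get(key)
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            self._pending.pop(key, None)  # expired: drop it, treat as invalid
            return None
        return email

    def redeem(self, token):
        """Step 'user confirms': consume the token (one shot) and return the email, or None."""
        email = self.peek(token)
        if email is not None:
            del self._pending[_digest(token)]  # a second redeem of the same link fails
        return email
```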
5 replies
@adele I think that being able to log in using a password in addition is ideal. Having only the magic link with no fallback feels a bit risky to me.
@leitzke Which risk?
Users can always edit blog posts with FTP/SFTP.
@gmazzap @adele I understand that email is a secondary method, and I absolutely understand that what I am thinking may very well be less than 1% of the cases, however e-mails have a few challenges...
In terms of availability: I would guess that the group that is looking at alternatives which are not so "mainstream", which seems to be the main target, is also more likely to have self-hosted email solutions than the general population, and there we may have instances where deliverability can be spotty and either take longer or fail entirely.
As for security: as Giuseppe well noted, e-mail is not safe. Most people are not used to email encryption and that is always an extra step. Plain e-mails are notoriously vulnerable to MITM attacks, so even if the short time helps to keep things safe, it's never 100% trustworthy.
And there's also the human factor of it... I personally don't feel 100% safe if my only method of accessing something is via email (I reckon that is not the case, as you said, people can edit via FTP)... What if my email provider blocks my account? What if they decide to reject your emails as spam, because maybe you send from an IP that is used by bad actors?
I think the best passwordless authentication nowadays would be passkey, but I - as a user - would still feel a bit safer with the option of password and 2FA, as I am personally slow to adopt new authentication methods.
Sorry for the long text, but I felt that it would be better to give more context to my point of view. And also, what I am saying reflects my experience and preferences, and it is in no sense an absolute truth. :)