Comment by graemep
3 months ago
> NEVER EVER login from an email link. EVER
Login using one off email links (instead of username + password) is increasingly common which means its the only option.
3 months ago
> NEVER EVER login from an email link. EVER
Login using one off email links (instead of username + password) is increasingly common which means its the only option.
In that case
1. You just requested it, I'm not saying to never click link on transactional emails you requested. You still need to click on those verify email links
2. It replaces entering your password, so you're not entering your password on a link from an email, which is the very wrong thing.
At least you've requested that email, to be able to login. The timing chance for a phishing mail to come here and there is insignificant. OP is referring to communications that are one way street, the (pseudo) organisation to you.
Its a lot lower risk, its still not great IMO. Email is really not designed for it, and it trains people to use links to login.
Yeah, I hate these. It's also a very not-ergonomic was to sign in. I wish those companies would redirect those efforts to passkeys.
1 reply →
Username/password typically has the same issue via reset password links.
2 replies →