Ask A Question
Notifications
You’re not receiving notifications from this thread.
Magic Link Authentication with generates_token_for in Rails 7.1 Discussion
is magic link login considered secure ?
can it be used for a production website reliably ?
Thanks
As long as the tokens expire, are one-time use, and the user's email isn't compromised it should be fine. You'll still want to support 2FA through another mechanism for more security.
I much prefer email/password login so I can use a password manager.