[Rant] The case against password-less authentication

**Improvement #9: Enhanced security with passwordless sign-in**

Passwords are a pain to remember. And they’re also a huge security risk. More and more websites are getting rid of passwords completely. And freeCodeCamp is one of them.

Now when you sign in, we’ll email you a link you can click that will immediately sign you in to freeCodeCamp.

It is not a link you can click. It is copy/pasting a shortcode. I have unique passwords on all sites. I have never linked other sites so I can sign in via other social media or even GitHub, i.e. federated methods.

These comments need some clarification:
“gmail” app to “gmail” server may be secure, but every mail relay hop must be secure for this to be secure communication. Yes, it is true a subset of email is secure email (if the mail provider is doing that) within a mail provider's (intra-)domain, like gmail to gmail or apple to apple sender and receiver. The transfer from the freeCodeCamp mail server to the gmail/apple/whatever server MAY NOT be secured with encryption. As already mentioned, if you use another mail domain there is no guarantee all the mail hops exchange encrypted traffic. Inter-domain email, e.g. example.com to gmail.com, MAY NOT be secured. Email is not secure ALL the time.

HTTPS is for secure message/password exchange. This passwordless implementation is not secure ALL the time. Your passwordless login method is not secure for everyone. This is less security, not “Enhanced Security”, when compared to a site supporting traditional email/passwords and using best-practice security.

Federated logins can reduce your privacy, so I would not use them. That is a personal choice and a risk I chose not to take with federated identity.

1 Like
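Added example, not from the original post and not freeCodeCamp's code: the post's point that every relay hop must be encrypted can be checked on a sign-in email you actually received, because each receiving mail server writes a `Received:` header recording the session. The script parses a constructed sample message (hypothetical hostnames and addresses) and reports, per hop, whether the session used TLS, based on the RFC 3848 `ESMTPS`/`ESMTPSA` keyword or a TLS version annotation as written by common MTAs.

```python
import email
import re

# Constructed sample message with hypothetical hosts (not real mail).
# Received headers are prepended by each receiving server, so the topmost one
# is the final hop. Here hop 1 (site -> provider MX) used plain ESMTP and
# hop 2 (provider MX -> provider inbox) used TLS 1.3.
SAMPLE_RAW = """\
Received: from mx.example-mail.test (mx.example-mail.test [192.0.2.10])
        by inbox.example-mail.test with ESMTPS id abc123
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256);
        Mon, 1 Jan 2024 10:00:00 +0000
Received: from app.example-site.test (app.example-site.test [198.51.100.5])
        by mx.example-mail.test with ESMTP id xyz789;
        Mon, 1 Jan 2024 09:59:58 +0000
From: login@example-site.test
To: user@example-mail.test
Subject: Your sign-in code

Your one-time sign-in code is 123456
"""

# "from <host> ... by <host>" identifies the two ends of a hop.
HOP_RE = re.compile(r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)", re.I)
# The "with" keyword names the protocol (ESMTP, ESMTPS, ESMTPSA, SMTPS, ...).
# Restricting the match to *SMTP* avoids matching Postfix's "with cipher ...".
PROTO_RE = re.compile(r"\bwith\s+(?P<proto>[A-Z0-9]*SMTP[A-Z]*)", re.I)
# Exim/Google-style "(version=TLS1_3 ...)" or Postfix-style "(using TLSv1.3 ...)".
TLS_VER_RE = re.compile(r"(?:version=|using\s+)(?P<ver>TLSv?[\d_.]+)", re.I)


def hop_tls_status(raw_message: str) -> list[dict]:
    """Return one record per Received hop, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())  # unfold the header into one line
        hop = HOP_RE.search(line)
        proto = PROTO_RE.search(line)
        ver = TLS_VER_RE.search(line)
        proto_name = proto.group("proto").upper() if proto else ""
        hops.append({
            "from": hop.group("src") if hop else None,
            "by": hop.group("dst") if hop else None,
            "protocol": proto_name,
            # RFC 3848: an "S" after SMTP (ESMTPS, ESMTPSA, SMTPS) means STARTTLS
            # was negotiated; an explicit TLS version annotation also counts.
            "tls": "SMTPS" in proto_name or ver is not None,
            "tls_version": ver.group("ver") if ver else None,
        })
    return hops


def all_hops_encrypted(raw_message: str) -> bool:
    """True only if every recorded hop shows a TLS session."""
    hops = hop_tls_status(raw_message)
    return bool(hops) and all(h["tls"] for h in hops)


if __name__ == "__main__":
    for i, h in enumerate(hop_tls_status(SAMPLE_RAW), 1):
        state = h["tls_version"] or ("TLS" if h["tls"] else "PLAINTEXT")
        print(f"hop {i}: {h['from']} -> {h['by']} via {h['protocol']} [{state}]")
    print("all hops encrypted:", all_hops_encrypted(SAMPLE_RAW))
```

Two caveats when reading the report on a real message: each `Received:` line is written by the server that accepted the mail, so only the hops recorded by your own provider are trustworthy (earlier ones could have been inserted by the sender), and a hop that shows plain `ESMTP` with no TLS annotation is exactly the inter-domain transfer the post is worried about. Opportunistic STARTTLS on that hop is decided by the two servers, not by the site that sent the sign-in code.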