Dear Bitwarden Developers,
I am responsible for developing the login system for our school’s login system, and am having trouble convincing members to stick with the password login system I am proposing.
In our password login system, no “Forgot Password” Email Recovery Link is ever sent. Either the user remembers their original password or they will have to type in a Recovery Password in case they get locked out of their account. I was inspired to use this technique for recovery passwords from Tutanota’s login system (https://tutanota.com).
But when I proposed this solution to the development team, our student organization’s president admitted he–nor anyone–would care enough to remember their passwords that diligently.
I simply said that each and every member of our organization would thus get two login options:
1. The password system I have proposed.
2. Using an Email Magic Link System. This is heavily inspired by Medium’s “Sign In With Email” option (https://medium.com). Medium simply sends the user a link to the user’s registered email. The user is automatically logged in immediately after clicking on the link in the email sent to them. Although this option is convenient, it’s much less secure than option 1. However, it’s meant for people who are not willing to maintain good password hygiene. I am aware Bitwarden uses Email as part of a “Two-Step Login” feature, but what do the Bitwarden developers think of adopting Medium’s “Email Magic Link” system?