I love you @404mediaco, but I really wish I had a password auth instead of the whole "email you a magic link" thing every time I sign in.

@vkc @404mediaco magic links come straight from hell.

@dacmot I routinely use RSS but not on every device, frequently enough I come across a link organically and run into these messes!

@vkc @juandesant @404mediaco This pattern needs to die. I’m starting to see this more and more with new apps. I get they’re hoping to avoid disposable email addresses, but I’m certain this will have the opposite effect of what they’re hoping for.

@vkc definitely sub-optimal.

I have been doing the same thing for years, and I found Linkedin to be one of the big offenders.

@vkc Yeah, I want to log in and read this now, not whenever the email with the magic link percolates through the intertubes.

@vkc @404mediaco 100% agreed. As someone who is not signed in to email on every device, having to click a magic link on my phone and then send the link to my PC, these sign in prompts are a gigantic pain in the ass.

@vkc @404mediaco "Magic Links" are the dumbest "security" I can think of.

@vkc @404mediaco I didn't pay $88 for a YubiKey just to have a website mail a password to my phone so I can log onto my computer.

@vkc
I understand why 404media does this, but it is annoying and I wish I had an answer for this.

@vkc Same! Well, not a service, just wildcard aliases. Although I use hyphens in mine and occasionally sites roll their own validation code and decide hyphens aren't valid Surprisingly enough, forwarding RFC5322 to customer service usually helps! Lol

Honestly what I've learned is that most sites -- at least the ones I use -- are fine. Got a wave of spam from friggin Patreon when they got breached years ago...and I now filter out any ActionNetwork links from my feed on here...but that's basically all I've had an issue with in the >10 years I've been doing this.

@vkc @404mediaco
Same here. I thought I was the only one.

@vkc @dacmot I'm a government contractor. I have a new project in the last few months where we moved our Issues and Git repos into the government client's [Brand Name] cloud project management.

Now every time I want to look at an Issue, if I haven't touched the issue database for 6 hours, I have to CLICK a BUTTON after password login, to SEND a one-time password via email, then go get that code.

I have so many "Mordac, the Preventer of Information Services" situations! It's maddening!

@thibaultmol @vkc @404mediaco This also breaks #wallabag for me, as it cannot auto login and retrieve articles. @404mediaco @wallabag

@vkc @admin May I ask which service you use? I use #Firefox #Relay right now, but am looking for a replacement since forever.

@vkc @404mediaco A service I use occasionally *migrated* to this from good ol' fashioned passwords. It was exasperating.

@admin @vkc Are you using ++ aliases or something that allow you to generate aliases from a common base, making less obvious your real address ?
I was wondering if there was a way to generate indistinct e mail address on the fly different than using a domain name. I think that using a domain name is a good solution but it makes it easy to correlate my addresses to my real identity no ?

@vkc @404mediaco you know what? I'll hop on this bandwagon. Maybe we can be a big enough group to ask nicely, and they'll add it in for us.

@mcbaumwolle @admin I use Fastmail which integrates it.

@mcbaumwolle @vkc @bane Well, the wildcard alias part of it is done through a domain and mail account I pay for through Namecheap. They call it a "catchall" address, other providers might call it a wildcard alias, but basically *anything* @mydomain will all go to a single inbox. The nice part of that compared to some of the services that generate addresses (not sure if this would apply to Fastmail) is I don't have to do anything to register or set up a new address, which is nice when giving out my email in offline spaces. Although it does get weird when the Jiffy Lube cashier sees my email is 'jiffylube-shop@...' and goes 'Oh you must work for corporate' xD

Of course, I can't leave it that simple I have a mail server in my basement -- fetchmail pulls incoming mail from Namecheap, and there's a very small shell script that parses it out into different accounts -- so for example anything that ends in '-shop@mydomain' will go into the 'Shopping' inbox, while anything ending in '-pers@mydomain' will go into the 'Personal' inbox. Then dovecot serves those to my devices via IMAP, and any outgoing mail can bounce through an emailrelay instance on the same server and get forwarded back out via Namecheap.

I hear trying to send email from a residential IP is a damn nightmare so that's why I route via Namecheap, but there's still both technical and legal benefits to pulling it all local and not leaving it all on third-party server indefinitely....

Does make it possible to correlate to my real identity, especially because my domain for that is my actual name xD But most domain registrars can anonymize the whois information, so it won't be private from law enforcement or something but it should be private enough from randos on the internet...as long as you aren't tying that domain to your real identity in other ways.