{"id":50517,"date":"2025-12-19T17:30:32","date_gmt":"2025-12-19T22:30:32","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=50517"},"modified":"2025-12-22T14:41:04","modified_gmt":"2025-12-22T19:41:04","slug":"passwords-app-and-magic-links","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/12\/19\/passwords-app-and-magic-links\/","title":{"rendered":"Passwords.app and Magic Links"},"content":{"rendered":"<p><a href=\"https:\/\/daringfireball.net\/2025\/12\/a_request_regarding_magic_link_sign-ins_and_apples_passwords_app\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/daringfireball.net\/2025\/12\/a_request_regarding_magic_link_sign-ins_and_apples_passwords_app\">\n<p>There are many sites&#x2009;&mdash;&#x2009;and the trend seems to be accelerating&#x2009;&mdash;&#x2009;that do not use passwords (or passkeys) for signing in. Instead, they only support signing in via expiring &ldquo;magic links&rdquo; sent by email (or, sometimes, via text messages). To sign in with such a site, you enter your email address, hit a button, and the site emails you a fresh link that you need to follow to sign in. I despise this design pattern, because it&rsquo;s inherently slower than signing in using an email\/password combination that was saved to my passwords app and autofilled by my web browser.<\/p>\n<p>[&#8230;]<\/p>\n<p>To make matters worse, when you create a new account using a &ldquo;magic link&rdquo;, <em>nothing<\/em> gets saved to Apple Passwords. I don&rsquo;t have many email addresses in active use, but I do have several. Sometimes I don&rsquo;t remember which one I used for my account on a certain site.<\/p>\n<p>[&#8230;]<\/p>\n<p>One workaround I&rsquo;ve used for a few sites with which I keep running into this situation (<a href=\"https:\/\/www.status.news\/\">Status<\/a>, I&rsquo;m looking in your direction) is to manually create an entry in Apple Passwords for the site with the email address I used to subscribe, and a made-up single-character password. Apple Passwords won&rsquo;t let you save an entry without something in the password field, and a single-character password is a visual clue to my future self why I did this.<\/p>\n<\/blockquote>\n\n<p>I have also run into this friction where the Passwords app insists I not leave the field blank but there&rsquo;s nothing that really makes sense to put there.<\/p>\n\n<p>I&rsquo;d always assumed that sites used magic links because people don&rsquo;t remember their passwords, and it&rsquo;s easier to click a link than to go through the password reset process each time. But Gruber notes that magic links are also an effective way to combat account sharing.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2025\/12\/08\/apple-passwords-adds-history\/\">Apple Passwords Adds History<\/a><\/li>\n<\/ul>\n\n<p id=\"passwords-app-and-magic-links-update-2025-12-22\">Update (<a href=\"#passwords-app-and-magic-links-update-2025-12-22\">2025-12-22<\/a>): <a href=\"https:\/\/mastodon.social\/@ezekiel@hachyderm.io\/115748689570625467\">Ezekiel Elin<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@ezekiel@hachyderm.io\/115748689570625467\">\n<p>You actually can create password entries without passwords because there&rsquo;s a bug in the app where the (command)+S keyboard shortcut works even when the UI button to save is disabled<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>John Gruber: There are many sites&#x2009;&mdash;&#x2009;and the trend seems to be accelerating&#x2009;&mdash;&#x2009;that do not use passwords (or passkeys) for signing in. Instead, they only support signing in via expiring &ldquo;magic links&rdquo; sent by email (or, sometimes, via text messages). To sign in with such a site, you enter your email address, hit a button, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2025-12-19T22:30:36Z","apple_news_api_id":"f4d94dcd-9f93-4d50-95f3-6bdca5b9e724","apple_news_api_modified_at":"2025-12-22T19:41:07Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/A9NlNzZ-TTVCV82vcpbnnJA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[2165,30,2742],"class_list":["post-50517","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple-password-manager","tag-mac","tag-macos-tahoe-26"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/50517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=50517"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/50517\/revisions"}],"predecessor-version":[{"id":50524,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/50517\/revisions\/50524"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=50517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=50517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=50517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}