> Magic Links mean that if there is any issue with any of the email servers in the chain (which there often are), my ability to log in to the website may be delayed by 10, 20, maybe even 30 minutes.

This same exact thing happens with a username and password driven site because almost all sites (rightfully) require you to confirm your account after sign up by clicking a link in your email.

With magic links it happens every single login. Confirmation email only needs to be done once per email. I thought this was obvious?

And most websites don’t require confirmation email to log in, they require it to unlock certain features.

"Logging in" typically refers to the situation where you don't have the cookie and need to get it. Having the cookie is typically referred to as "being logged in" already.

> "Logging in" typically refers to the situation where you don't have the cookie and need to get it.

Right, and after you click the link in your email to login then your back-end will set a cookie so that when you close your browser and come back again you will be logged in without needing to receive another link your email for however long you want "remember me" to be available.

The person I was replying to said the difference with magic links is you need to check your email every time you login. Especially with his "obvious" remark, it made it seem like he didn't realize you could use magic links and only login once a year just like you could use a password and only login once a year thanks to cookies working the same with both methods.

Dude, you're describing logging in.

If I don't have cookies, I have to receive that email again, and it introduces a large amount of failure points EVERY SINGLE TIME this login happens. Instead of just once, on account verification.

Seriously, I've built enough apps that require email verification to know how much of a failure point that email verification is, and it's a significant draw on onboarding when email guarantees are required early on. Doing it every single login (= every new device, every new incognito session, every now and then when the user clears their cache, every time they switch browser, every time they log in from a new computer, etc etc) is insanity, and again, everyone I know who uses magic link has given up on them, or made them extremely optional.

We must use computers much differently.

I don't login from new computers often, I have my personal machine and mobile phone. It's great to be able to login from a phone without needing a password manager or manually typing a 50 character randomly generated password where I need to be sitting in front of my main computer to even login. If you really have that many computers you'd still need to sync a password manager between all of them to login with a password.

I also don't browse with incognito mode on sites where I'm expected to be logged in unless I have multiple accounts that I want to have logged in simultaneously.

I also don't routinely switch browsers and if I do I only have to login once per browser and I'm done for a year or however long the site saves it for.

That doesn't sound like insanity to me? I didn't even think about them while writing my original reply because they are such outlier events.

Great, you're one user who likes magic links. It doesn't matter how you (nor I, for that matter) use magic links, the majority of users dislike them for the reasons I highlighted.

When building a site/service/ui/whatever, you take into account the needs of your users, not your own needs exclusively.

You asked: "I really don't understand why so many folks hate magic links." - I responded with an explanation.