Wanted to report the following issue: Some users systematically encounter expired login links.
I believe this happens because some corporate email systems systematically click on all links in incoming emails (a spam defence mechanism). (And so by the time a magic link reaches the user, it has already been clicked).
This is why I notice that other apps with magic link (like Notion) rely on a number sequence, rather than a link (or offer both alternatives). ie they send you a number you can input.
Another advantage of requiring user to input a number is that it allows for better UI. Consider this flow:
- user lands on a paywalled article they want to read
- they subscribe
- they click on link
- link opens a new tab that results in going to some page that is not the original article the user intended to read
If the login was based on entering a number sequence, this problem would be solved.
Finally, does the link have to expire after 1 use or even after 24 hours? Ghost is an app that protects articles, not vital banking or medical information. It seems to me that these rules can be relaxed.