How can it even work?

Passwordless with microsoft can go horribly wrong since there isnt two factors then giving someonr the first factor and they have full access and can change security info

Thank you for this information, very helpful. For now, I’m sticking with two-factor authentication using a strong password first. I simply don’t have confidence in this password-less method, especially with my Microsoft account.

The only factor of auth being used here is your email, so this isn't really using MFA. If the email service provider (eg: Gmail) is compromised, a bad actor can access your email and therefore get access your Medium account. One way to mitigate this is using another factor of auth such as an OTP texted to your phone via. This is more secure because while it's somewhat likely that either your email can be broken into or your phone can be stolen, the likelihood of BOTH occurring is negligibly small.

Email with a link is only one option for Passwordless. There is MFA within other Passwordless options that have no issues like the email delay issue.

I use it on my lesser accounts. But not on my paypal or bank account. The accounts use my computer I.D. Of course anyone using my computer could log in but it is not likely at all.

I don't like having the Microsoft authenticator app requesting access when someone else is trying to get into my account. Seems like they should at least enable a pin before someone can just request to get into your account with passwordless. I don't want to see all the requests in my face if they aren't me. It seems like they should at least have to enter a pin before they can request passwordless entry and that way I wouldn't see any request that didn't have the pin. I'd feel better with passwordless if you could still keep an option to use a security key too.

I currently use a password and the Authenticator app. If my password gets hacked, they still need the authenticator access. On trusted devices I already only have to use the app, instead of a password. I’m still trying to figure out how passwordless is more convenient and safe

Thank you! Why do you not generally recommend signing in with third-party services, e.g. Google which itself may be strong enough with 2FA enabled whereas the initial website may lack 2FA option?

Amazing! A video of more than 8 minutes and nowhere do you mention the correct answer to the question in the title... 4:00 Medium not having a password means that if you lose access to your original email account, you also will no longer be able to log into Medium. A false sense of security should not have to come at the risk of losing your account completely because there is no sensible password backup available to get in. 5:00 Instead of password reuse, you have email reuse. All a hacker has to do, is fake up an email to get you to log in to a fake site and provide your personal information there. 7:30 And let's not forget that you are not the only person who has emails that get stuck and take ages to arrive, which means people can no longer log in at a moment's notice.

PASSWORDLESS is safe for me because it removes the need to hide my password somewhere OFF of the local computer and the fear of losing that document

Awesome Explication really I understood very well, and I will follow your comments, thanks

Interesting video you are right its not perfect

Honestly my email account has been getting hacked into let me just say Microsoft/outlook security sucks.

Excellent explanation and I concur with your opinion about 2 form factor being gold. I prefer it myself. However if I loose my phone or stolen it does put a damper or chink in the armor. Or even an Issue with email. I use both authenticator apps, SMS and email with most that would allow it.