That’s not the actual “forgot password” flow though. It goes:
- press “forgot password” button on login page
- press “submit” button
- get email
- create new password
- log in
The feature here is essentially about removing the (4) create new password step.
In the “Forgot password” modal, next to “Reset password” add “Log in with email” button.
When “Log in with email” is used, you get an email with a short-lived link that’ll log you in directly.
enable email logins adds a “Log in with email” button alongside the social logins.
Here’s a scenario I quite often find myself in:
I’m on a new computer. One of the few passwords I can remember is that of my email, which is also protected with 2FA. However, on any site that doesn’t support social logins, I’m using a password manager so I can use long, secure passwords. But I’m not always on a device/browser where I’m allowed to use my password manager.
In these cases, an “email login link” would be strongly preferable to a password reset, since the problem isn’t that I’ve forgotten my password; I never actually knew my password in the first place. If I change my password, that won’t match whatever my password manager has got stored.