That’s not the actual “forgot password” flow though. It goes:
- press “forgot password” button on login page
- press “submit” button
- get email
- create new password
- log in
The feature here is essentially about removing the (4) create new password step.
-
In the “Forgot password” modal, next to “Reset password” add “Log in with email” button.
-
When “Log in with email” is used, you get an email with a short-lived link that’ll log you in directly.
-
Optional: Enabling
enable email logins
adds a “Log in with email” button alongside the social logins.
Here’s a scenario I quite often find myself in:
I’m on a new computer. One of the few passwords I can remember is that of my email, which is also protected with 2FA. However, on any site that doesn’t support social logins, I’m using a password manager so I can use long, secure passwords. But I’m not always on a device/browser where I’m allowed to use my password manager.
In these cases, an “email login link” would be strongly preferable to a password reset, since the problem isn’t that I’ve forgotten my password; I never actually knew my password in the first place. If I change my password, that won’t match whatever my password manager has got stored.