Please don't force us to log in using Apple/Google or "magic links"

I hope you reconsider and allow us to use 2FA instead. Magic links are slow, interact poorly with password managers, and I don’t like using my e-mail as a part of your site’s security.

Ugh, yeah, this is painful.

I understand that a passwordless login via email can be easier for many users that struggle with secure passwords.

But many others have password managers that can handle secure long passwords and TOTP 2FA to enable frictionless and secure login.

Forcing those users to use an email code makes the process much slower and also less secure.

Can’t you have a “Continue with Password” or similar option, maybe even less prominent, so that users have the option between an email code and password login?

This doesn’t improve security at all, it just shifts it to the mail provider, just offer passkeys + OTP like all good services, I also don’t want you junk in my email everytime I login, which is everytime I restart my computer since my browser nukes credentials on close.

Just want to add, as someone who works in cyber. The first step in compromising someone is usually getting access to email so you’re kind of making it easier for the bad guys. Cool

It looks to me like there will still be an option to get a code sent via email, not requiring an account link to Google or Apple.

I hate always having to go check my email or SMS for a login code, but it’s not like I expect Trakt to reverse this change. Best we can hope for is an actual notification to users via email, website/app banners, EVERYWHERE! that the sign-in flow WILL change with a link to the announcement thread (New Sign-In Flow)

Would I rather see 2FA and passkey support added here instead? Absolutely. But Trakt has recently shown no inclination to hear and respond to actual feedback, so I will not expect it.

Are username/password logins broken right now?

I’m 100% sure my credentials (from 1Password) are correct, but Trakt no longer accepts them and forces me to use Magic Links instead…

username+password still works for me. remember to use your email address as the username (that was also changed a while ago).

They work again for me as well (same data from 1Password as earlier today).

Please! No magic links… keep username/password but add 2fa instead.

Sadly, I have noticed they do not listen to user feedback recently, so I think we are doomed…

Well if thats true GG trakt in that case, never listening to customers isnt a great sign.

The sign in flow will keep the standard email form while we continue to evaluate this change. The support post was just a heads up, but it hasn’t actually been changed yet.

What is this “magic” sign in?

We previously had a “magic link” which can email you a sign in link. Basically a quick way of signing in if you don’t know your password.

This new update adds a “magic code” which emails a code you can copy and paste into the website. This flow is especially nice for apps (Trakt and 3rd party) since the “magic link” would lose context and not redirect back to the app. With the “magic code”, you’re still inside the app and able to sign in without knowing your password.

Trakt Lite

We will use the flow without the email form in Trakt Lite soon. Since this a new playground of sorts, we’re able to experiment with things a bit differently and gather feedback.

Signing in

If you’re using Trakt normally, the website and apps will keep you signed in pretty much indefinitely (auth is automatically handed and refreshed behind the scenes for you).

Based on the replies here, it seems like some of you are signing in a lot. I’m curious how often you are signing in? Is there a reason you don’t want to stay automatically signed in on the apps and website?

Passkeys or 2FA

We are planning to look into passkeys. No guarantees that is what we end up doing, but we will research it more.

Other

FYI, I’m marking this as the solution so it shows up in the main post for better contest. Happy to continue the discussion, but it seems like there is some confusion that this change will somehow force sign ins more regularly. For most people it will not change their day to day use of Trakt or the apps.

Personally I don’t sign in a lot, hahaha
(can you check those records, I’m curious)

Just when I have a new device, or new browser, or do a clean install periodically (I’ve neglected that actually).

Personally I don’t sign in often, but when a service uses magic links it’s usually a giant pain because I cannot just use Bitwarden’s auto fill, have to open Thunderbird, copy the code (but not delete the mail yet because some services don’t allow pasting), enter the code and then delete the email and switch back to Firefox.

My suggestion would be to offer magic links alongside the default username and password login, and to increase security maybe something like Bitwarden recently introduced, where they now ask for a confirmation code on new devices.

I don’t sign in often either but I don’t like using google or apple in the sign in process.

I usually let browsers remove all cookies at exit.

I’m very curious as to what will happen to users who aren’t even registered to the site with a Google or Apple account, like myself.

Also I don’t think I’ve ever seen a company intentionally self-destruct the way this one has. I don’t even use the service anymore - I’m just here to watch the show.

You sign in using email.

Great, I just disconnected my Google account to make sure I won’t have to use it for auth.

The site didn’t show me which account it was. If the account I used to use for Google Drive backups… my university killed that off last month anyway, so I could have been locked out

I’m a bit late to this thread but also want to throw in my vote to keep the original login credentials! There is no reason I need my email inbox cluttered with more one-time codes. As stated by OP “Do not punish users who are able to manage their credentials.” This perfectly summarizes the issue. Yes, I realize we don’t actually have to login through Google or Apple and can use any email, but it’s the principle of it. There is no issue with the current login structure as it is. It shouldn’t matter that we may not need to manually login frequently. All these recent changes have been overwhelming negative and it’s disappointing to see.