I love the product, but the login workflow is awful. Why innovate on logins? We've solved that problem.
Specifically, the login is a randomly-generated one-time code sent to your email address. Notion says this is more secure than them storing a username+password, but that's a dubious argument. They've also said this is two-factor auth (lolno). A side effect of this is that Notion is unusable on my mobile device since I have no email on it.
I really hope they implement a more traditional login system. Until then, I'm sticking with Evernote. :(
They imply that the login is 2FA-protected because your email or Google account can be 2FA-protected, and they're piggybacking off that...
Having passwords means storing them correctly and still implementing some form of reset -- and if email is a weak point, they would have to 2FA prompt you to reset your password, or not use magic links, or handle such issues out-of-band. They're probably trying to avoid auth/password support by outsourcing this function to Google for the time being.
I agree though, the user experience that is hardest-hit by this is mobile, where iOS now supports much better integration with password managers than was allowed previously...
Thanks for telling me this. I will definitely avoid Notion now. I want a username/password combo at the very least, both different for every site I use, and preferably with TOTP as well. I never want my email to be used for security purposes as it is among the most hackable target out there.
Yeah dude someone might go through the trouble of hacking your email just so they can find your todo page with an unchecked checkbox for feeding your goldfish.
You have no idea what they want to put in their Notion account. And so what if they want to have high security for something you deem trivial? You gain nothing by being an asshole about it.
Ugh you reminded me why I never went all-in with Notion. Having to remember what email I signed up with every time I need to log in is super annoying (as it doesn't seem to trigger my browser's autofill dialogue).
Yeah, Medium does this same thing and it makes me hate logging in so I'm rarely in the account I pay for. Especially since Medium makes you log in seemingly every few days.
> A side effect of this is that Notion is unusable on my mobile device since I have no email on it.
It’s unusable for me as well, but for a similar reason on the computer. When I’m on a computer, the last thing I want is to be forced to login to email for a code since I use web based email (which I don’t keep open all the time). Even if I were to use a desktop client, I wouldn’t have it kept open all the time.
I actually love their login, but it's not for the reason you would think. They expire the session very frequently which has been an annoyance for me, so log-in with the magic link has been faster than digging for the password through my manager.
He gets linked here pretty regularly, but for those who don't follow him, the author runs an email newsletter that's basically him throwing shade at AWS every week. It's fucking hilarious AND useful.
Bit of shameless self-promotion here, but I'm the author of Practical Monitoring. Among other things, I set out to answer exactly this question. Check out Part 2 (Chapters 7, 8, and 9 answer your question specifically). https://www.practicalmonitoring.com/
I'm a DevOps Engineer/Site Reliability Engineer/Operations Engineer/whatever they're calling it these days with about 15 years in the industry. I've got a broad skillset for all sorts of projects and needs: automation, deployment, orchestration, scaling, you name it.
I'm primarily a monitoring specialist, though: I'm the author of O'Reilly's upcoming Practical Monitoring and the editor of Monitoring Weekly (https://weekly.monitoring.love). Besides writing a book on monitoring, I'm architect-level when it comes to designing and deploying monitoring strategies for SaaS companies.
