I refuse to use any service that only supports magic links for auth. It is incredibly user-hostile, and absolutely worse from a security perspective than passwords (with a password manager). Most critically it simply does not work in my personal setup where I do not have access to my email account from the machine I am using to login, precisely for security reasons and the safety of my accounts.
Anthropic has been the once exception to this personal policy simply because Claude is the best LLM out there. But it's a mountain of pain every time I have to re-login, and I've complained to them multiple times about this.
It is certainly not all, and most security conscious sites offer other recovery options like one time use codes. Many also allow for time delayed account recovery, which aren’t a usable option for magic links.
In any case the correct approach here is to fix password reset/account recovery (e.g. with social key recovery) rather than reduce everything to the lowest common denominator.
It also can be said to lower security because it instills the behavior of clicking on links in incoming emails as a standard practice.
It is ~30% for personal use, and ~60% when you include personal + work. So 30% use it in both contexts, and an additional 30% just for work. A combined 60% use password managers in some capacity in their work or personal lives.
Anthropic has been the once exception to this personal policy simply because Claude is the best LLM out there. But it's a mountain of pain every time I have to re-login, and I've complained to them multiple times about this.