I don’t see how’s either way better or worse as long as they force you to change the password upon login
In my experience it’s always a tokenized link, no clear text required.
lowleveldata@programming.dev 8 months ago
fireflash38@lemmy.world 8 months ago
And what is the token in the link?
nous@programming.dev 8 months ago
Well, the tokenized link is essentially a clear text one time password. Not really any better than just a one time password except for the convenience that the user does not need to type it in. If someone gets hold of the link or password before you they can get access to your account.