There isn’t really much a security issue with this way of logging into things. At least not for logging into anything where you can reset your password if you have access to someones e-mail.

A bunch of places started doing this because of how a lot of users just reset their password every time they had to sign in instead of keeping track of their password.

I fucking hate this sign in flow for a number of reasons.

The main one is that it makes it harder for me to use my password manager as a database of all the places I have an account. I also hate single sign on either as in corporate Azure Active Directory / Entra ID style or as in Use