I love security and I trust noone, especially after the whistle blower blew his whistle and was exiled.

Today, I logged out of Hashnode on Windows 8 (yes, I know) and closed the browser. To log in to Hashnode I tried the following:

1. scoured my browser history and double clicked on the link. It didn't log me in automatically. Good.
2. opened my signup email account and opened the latest email from Hashnode, and clicked on the link I had used before. That didn't log me in either. OK.
3. copied and pasted into a browser the link in that email at step 2, above. No joy. Deep joy.
4. returned to Hashnode.com home page and looked at log in options. Via social media? No, thanks. One option left - ask them to send me another link to my email address. Navigate to my email, refresh, open the email, and cut and paste the link into a new tab, and hey presto! here we are. Mmm.

Then it dawned on me. Is this the only way for me to log in? It seems so. I hadn't noticed it before because I was either too busy to notice or NEVER logged out before. Oops. Quick research took me to Hashnode's support page called "Using Hashnode", looking at Create an account, and there it is, your answer:

Sign in ... using our passwordless authentication process with your email address or social accounts.

They say you should read the small print. So it's true. Every time I log on I need to go supply my email address, then go look there for a link. NO PASSWORD REQUIRED.

I am still trying to figure out if this method of login is safer because well, is it? I have made login pages in PHP before, and linked to a MySQL database, where I compared TWO user-supplied bits of information (username/email and password). Hashnode manages to let you in with just your email.

Well, Hashnode, I love your service, but I bet some of your team is not happy with this situation, and I wish I could have been present at that meeting where it was decided to do it like this. Is this something that you intend to change in the future? Comments welcomed.