Or include a setting for users that used a unique password.
When, five to ten years ago, everyone started sending email conformations "is this really you??" when logging in with the correct username and password on the first try, I always contacted support if that can be turned off. I figured the only way they were going to know it's a pain is if people complain. I have yet to learn of the first site where this is actually a choice...
Come to think of it, why haven't I made a Thunderbird plugin yet that recognises these emails and either sends the code to the browser or autotypes it. The credentials are filled in automatically, why not also their stupid email? Does this exist already?
I think most sites doing this use SMS codes, and they works really well on mobile.
If they are sending an email it’s more likely to be a magic likely with no password at all.
You don't use twitter, github, amazon, spotify, steam, discord, etc.? Maybe that you can turn on SMS instead of email, but sending people emails for every login is the default for those.
The only ones requiring an SMS for me are organisations with a bank license, which are obviously a minority of all the services out there.
(Fwiw, I avoid all of the above besides Spotify, but a lot of code happens to be on github, audio books are invariably ~3x cheaper on amazon compared to buying from the publisher directly, many game developers insist that you let steam take a cut and don't let you buy it from them directly... that's how come I know these things all insist on sending emails.)
Every time I log into my Chase acccount, it thinks I'm logging in from a new computer. Every single time. Nope, I've had the same computer for 3 years.
