What your opinion on this password-less login thing magic (https://magic.link/).

I think it's interesting, but would you consider it something worth putting time Into learning asap?

Just more OIDC. I think okta already offers it

How is this better in any way than a password manager with 2fa enabled?

looks like a email harvesting tool for spammers and "marketeers" 😄

User/password flow works, magic links or auto login links just remove 2 text boxes from your flow.

No really, you would still send them an email to verify the account/email address, you would still want 2FA on your app/website, you're reset password flow would still need to account for 2FA being enabled, something I'm pushing my company to bring in.

A magic link removes this security, and now relies on the user not having their email account breached to hijack their account on your service.

Don't be the weak link.
This kind of service is nothing more then sending the user their password back to their email address when pressing "lost password"

But hey, "no passwords are easier"

"Let's make things easier! Who cares if it's objectively worse in every possible way, save convenience?"

Fires burn in the distance.