Can I take a moment to complain about Anthropic's insistence on using a magic email link for login in the year 2026? It's so unnecessary. Please, anthropic team. Just allow us to user username/password/2FA.
radicality 24 days ago [-]
Oh yes, upvoting, my top annoyance with anthropic too, email links are a bit ridiculous as a login mechanism.
Anytime I have to login again, it’s the ridiculous dance of figuring out what surface I’m logging into and how to get the magic link to open there, and not mistakenly somewhere else. Never a problem with openAI - input password and 2FA - done, logged in.
dweekly 24 days ago [-]
Passkeys are the 2026 answer. No (added) username, no password, no two factor SMS, no phishing.
teej 24 days ago [-]
Passkeys are auth garbage. Normal users do not benefit from overly complex auth.
dweekly 23 days ago [-]
You tap your finger and you're done. Faster than a password paste. How is that complex or difficult UX?
mikkupikku 24 days ago [-]
Too confusing for me, I don't get it. How do I record my login info on paper so my family can get in if I die?
xienze 24 days ago [-]
I'm not a fan. But what Anthropic SHOULD have done is use plain ol' SSO. Google, GitHub, Microsoft, etc. logins with the option to do this magic link stuff. The third party auth providers would use passkeys at the user's discretion.
lostmsu 22 days ago [-]
Don't they have Google SSO?
jwr 24 days ago [-]
Until you lose your device or it breaks suddenly.
mikepurvis 24 days ago [-]
I store passkeys and totps in 1Password. I know it means there's no hardware protection of the secure element, but in return they're trivially synced across my devices.
I feel this tradeoff is worth it to me; certainly it is no worse than email or SMS as the second factor.
dweekly 23 days ago [-]
Chrome Sync, iCloud Sync. There are great answers for this.
jwr 22 days ago [-]
Sure. But if you sync passkeys, are there any advantages apart from phishing protection?
The biggest advantage for me is using the hardware secure enclave, thus effectively getting a 2nd factor.
butILoveLife 24 days ago [-]
I love it. I forget my passwords.
post-it 24 days ago [-]
I support not storing any kind of password, but they should add passkey support.
n4r9 24 days ago [-]
Email link is way more convenient than a 2FA text, surely? It means you don't need to remember credentials or have your phone with you.
marketneutral 24 days ago [-]
On iOS and macOS 2FAs are auto-populated for you, and of course also your saved login and password. You don't need to leave the page and open other applications.
This is by far the most common sign-in UX. So is there some security benefit in the email link sign-in?
esseph 23 days ago [-]
> auto-populated
Auto population of login credentials including 2FA is currently an attack vector.
"A critical security flaw has been uncovered in the autofill functionality of nearly every major password manager. This vulnerability allows threat actors to stealthily harvest user credentials and sensitive financial data from deceptive web forms without user interaction, turning a core convenience feature into a potent weapon for cybercrime."
The only way an account accessed by a magic link can be compromised is by an already compromised associated email. No password in clipboard, which is how some of us still do it, etc. The magic link makes everyone secure regardless of how they store their secrets.
And there's also no password stash if the server were to be hacked, which means no sending out "please update your password" emails and the like.
hypeatei 24 days ago [-]
2FA != SMS codes
TOTP works just fine and you can save it in a password manager if you like. Email links don't allow me to use a keyboard shortcut to login, instead I have to open a new tab and click around for a magic code/url.
figassis 24 days ago [-]
I'd like to think I am pretty security conscious, but I still don't get the obsession with magic links (and passkeys). This is the one thing where I think I disagree with most of the industry. I thought forgetting passwords was a solved problem. I thought 2fa is much faster than searching for the last email for X provider the maybe takes 1 minute to arrive, requires retries and high tend up in spam? Some one please help me get on board.
n4r9 19 days ago [-]
It depends how convenient it is for you to constantly be carrying devices that have 2fa software or the correct SIM card installed. I might prefer to simply access my email account, which I know how to do anywhere.
esseph 23 days ago [-]
Autofill of password manager creds is an attack vector.
Passkeys and email links prevent things like: clipboard interception, malicious iframes, fake login UIs, etc.
But less convenient than a TOTP generator in your password app.
n4r9 19 days ago [-]
Not if you don't happen to have a device on you with that app installed.
jwr 24 days ago [-]
It is terrible, slow, assumes that I receive my E-mail instantly (what if I use greylisting?), makes me check my E-mail when I don't want to.
This as opposed to my password manager filling in the password field within a second or so.
But they know it's terrible. The reason they do it is to make account sharing more difficult.
skeledrew 24 days ago [-]
The magic link is nice IMO. One less secret to manage.
sveme 24 days ago [-]
Anthropic's domain usage (there's claude.com, claude.ai, console.anthropic.com, platform.claude.com, claudecode.io forwarding to codeagents.app which errors) and authentication approach have been lacking a lot; hope this isn't a verdict on their use of agentic coding.
Example: I had two orgs with similar names, one I set up myself and another my employer set up. Logged in via SSO. Once I deleted the one I created myself, I could not log in anymore with the notice that the org was scheduled for deletion. Could also not contact support as that required a login. Only when the org was deleted after a week and my employer deleted me and reinvited me I could access it again.
Quite the shitshow for a company worth a couple hundred billion.
palcu 24 days ago [-]
Hey folks, I'm Palcu from the reliability engineering team at Anthropic. I just posted a small retro on the status page:
> Between 14:17 and 17:11 UTC, our primary application database experienced severely degraded I/O performance following a routine maintenance operation, causing slow or failed requests on Claude.ai and preventing new or refreshed sign-ins for Claude Code and the Console. API traffic via Claude Developer Platform was unaffected.
Sorry again, thanks for bearing with us as we're dealing with the influx of new users and scaling up all of our systems.
elliotlarson 24 days ago [-]
I feel like this is a pretty big fumble for Anthropic. I don't mind waiting 30 minutes or so for a service that's having issues. But, around the 2 hour mark, I start researching alternatives. I think like almost every other developer I've been working on my own AI assisted project management system. It was built around Claude Code, but now I'm using my down time adding in support for Gemini and Codex.
M4R5H4LL 24 days ago [-]
per ChatGPT, it becomes cost effective (against the $200/mo usage tier) to acquire an RTX 6000 Pro if heavily (+8 hrs/day) after around 2 years (at $0.20/kwh which is lower than cal residential rates). I am interested in alternatives too but I haven't found anything close to Claude Code.
rvz 24 days ago [-]
"AGI" is going to make a lot of so-called senior software engineers look like interns who are unable to read or write code by hand.
Having to wait for a Distinguished Engineer named "Claude" to come back from their 2 hour break to fix their issue.
NiloCK 24 days ago [-]
Moving fast, through the dark, wearing wiley coyote jet-powered roller skates, while simultaneously somehow gathering and smelling many previously undocumented specimens of rose along the way.
Not too surprising that stuff is often broken. I just wish it was more often broken in my favor!
(This wish is not abstract - my account had been bugged for 8 months+ to not experience any weekly usage metering. It only fixed itself a few days ago when my annual bill came through).
embedding-shape 24 days ago [-]
> (This wish is not abstract - my account had been bugged for 8 months+ to not experience any weekly usage metering. It only fixed itself a few days ago when my annual bill came through).
Rare self-confession so openly?
vimda 24 days ago [-]
These reliability issues are starting to feel like a pretty big indictment of their product, which they are presumably using to write their software and build their systems. If _Anthropic_ can't make Claude build reliable systems, what hope do the rest of us have?
gensym 24 days ago [-]
I've wondered the same. Back when Antrhopic seemed like a niche alternative to OpenAI, I signed up for an account. Now that my company is using it heavily, I tried to change the account owner to on of the executives, and apparently that's not possible! It's also not possible to create separate work/personal accounts unless you have two different phone numbers.
There's a confusing disconnect between "we have this magic box that can write all the software we'd ever want" and their lack of basic account management functionality.
(Not really. That disconnect is because of something mature software engineers have known for decades - the bottleneck has never been the code)
dgunay 24 days ago [-]
It's not going to kill anyone to just switch to a different provider, even for just a few hours. Bad news for Anthropic if their users suddenly realize Claude Code isn't really that much better than the others though.
KronisLV 24 days ago [-]
I wonder where's the post mortem that goes like: "Our auth solution isn't scalable enough, so here's how we implemented a better one."
I tried using the Github VSCode Copilot because I have some credits. It will be better to wait for Claude Code to be fixed. In other words, Claude Code broken is still orders of magnitude better than Github VSCode Copilot.
ai4mathlogicrsn 24 days ago [-]
This says more about Microsoft’s Quality than about Anthropic’s Reliability.
ChrisArchitect 23 days ago [-]
nothing flagged about it, why would you say that?
23 days ago [-]
newbie578 24 days ago [-]
Still down, looks like it will be down for the whole day. Looks like time to call it a day...
dionian 24 days ago [-]
i got back in half an hour ago or so. concerning that its still happening
mkw5053 24 days ago [-]
I had codex read my cc chat histories and am back up and running there.
zurfer 24 days ago [-]
this takes long enough for me to give codex a new try
yomismoaqui 24 days ago [-]
As a cheap user that only uses the 20$ month subscriptions I started with Claude Code as main & Codex as backup when the 5 hour quota was exhausted.
Then I saw that Codex worked better for me and cancelled my Claude Code subscription. And now for my moderate use (4-5 hours a day with no parallel agents) I have enough with Codex $20 and AMP free if I want to save some weekly quota.
But honestly I usually have enough usage to last the full week without using AMP.
winrid 24 days ago [-]
seriously, it's been going on for two hours, how complicated is their auth system?
ta988 24 days ago [-]
They can't fix it if claude code isn't up, nobody understands the code anymore. /s(a little)
jwr 24 days ago [-]
Can we all just stop for a moment and admire the lingo?
"Elevated errors" -> translation: our stuff is totally broken
Everybody started saying "elevated errors" instead of "outage", because it sounds better. It's the same thing as every aircraft problem being an "electrical issue".
gku 24 days ago [-]
oauth `redirect_url` points to localhost, so the login redirect hangs
walls 24 days ago [-]
Isn't that just how oauth is done when a local app wants to be notified after login?
earleybird 24 days ago [-]
someone vibed a production push
xienze 24 days ago [-]
The definition of "works on my system."
xeromal 24 days ago [-]
oof
monkaiju 24 days ago [-]
Guess the folks LARPing as devs will continue to be even less productive than usual today. Honestly its probably for the best that they can shove this slop into the codebase though.
rvz 24 days ago [-]
It's quite amusing to see so-called "developers" waiting for their 10x engineer called "Claude" to hand hold them like interns who can't read or write any code when it goes and takes a break for 2 hours.
Codex was taking a nap for 8 hours [0] recently with many of the interns here complaining that it is "down".
> It's quite amusing to see so-called "developers" waiting for their 10x engineer called "Claude" to hand hold them like interns who can't read or write any code when it goes and takes a break for 2 hours.
Think about it, they're being forced to read and update code, on the spot, that someone else wrote! It takes time to get up to speed.
Steinmark 24 days ago [-]
[dead]
Rendered at 07:44:07 GMT+0000 (Coordinated Universal Time) with Vercel.
I feel this tradeoff is worth it to me; certainly it is no worse than email or SMS as the second factor.
The biggest advantage for me is using the hardware secure enclave, thus effectively getting a 2nd factor.
This is by far the most common sign-in UX. So is there some security benefit in the email link sign-in?
Auto population of login credentials including 2FA is currently an attack vector.
"A critical security flaw has been uncovered in the autofill functionality of nearly every major password manager. This vulnerability allows threat actors to stealthily harvest user credentials and sensitive financial data from deceptive web forms without user interaction, turning a core convenience feature into a potent weapon for cybercrime."
https://undercodetesting.com/the-autofill-trap-how-your-pass...
And there's also no password stash if the server were to be hacked, which means no sending out "please update your password" emails and the like.
TOTP works just fine and you can save it in a password manager if you like. Email links don't allow me to use a keyboard shortcut to login, instead I have to open a new tab and click around for a magic code/url.
Passkeys and email links prevent things like: clipboard interception, malicious iframes, fake login UIs, etc.
This as opposed to my password manager filling in the password field within a second or so.
But they know it's terrible. The reason they do it is to make account sharing more difficult.
Example: I had two orgs with similar names, one I set up myself and another my employer set up. Logged in via SSO. Once I deleted the one I created myself, I could not log in anymore with the notice that the org was scheduled for deletion. Could also not contact support as that required a login. Only when the org was deleted after a week and my employer deleted me and reinvited me I could access it again.
Quite the shitshow for a company worth a couple hundred billion.
> Between 14:17 and 17:11 UTC, our primary application database experienced severely degraded I/O performance following a routine maintenance operation, causing slow or failed requests on Claude.ai and preventing new or refreshed sign-ins for Claude Code and the Console. API traffic via Claude Developer Platform was unaffected.
https://status.claude.com/incidents/jm3b4jjy2jrt
Sorry again, thanks for bearing with us as we're dealing with the influx of new users and scaling up all of our systems.
Having to wait for a Distinguished Engineer named "Claude" to come back from their 2 hour break to fix their issue.
Not too surprising that stuff is often broken. I just wish it was more often broken in my favor!
(This wish is not abstract - my account had been bugged for 8 months+ to not experience any weekly usage metering. It only fixed itself a few days ago when my annual bill came through).
Rare self-confession so openly?
There's a confusing disconnect between "we have this magic box that can write all the software we'd ever want" and their lack of basic account management functionality.
(Not really. That disconnect is because of something mature software engineers have known for decades - the bottleneck has never been the code)
I tried using the Github VSCode Copilot because I have some credits. It will be better to wait for Claude Code to be fixed. In other words, Claude Code broken is still orders of magnitude better than Github VSCode Copilot.
Then I saw that Codex worked better for me and cancelled my Claude Code subscription. And now for my moderate use (4-5 hours a day with no parallel agents) I have enough with Codex $20 and AMP free if I want to save some weekly quota.
But honestly I usually have enough usage to last the full week without using AMP.
"Elevated errors" -> translation: our stuff is totally broken
Everybody started saying "elevated errors" instead of "outage", because it sounds better. It's the same thing as every aircraft problem being an "electrical issue".
Codex was taking a nap for 8 hours [0] recently with many of the interns here complaining that it is "down".
[0] https://status.openai.com/incidents/01KK9JA8JKQKDW1W24T09NHB...
Think about it, they're being forced to read and update code, on the spot, that someone else wrote! It takes time to get up to speed.