Passwordless linking supported in account linking extension

I understand there is a security risk when linking an unverified password account with a passwordless account.

Excluding this use-case it would still be helpful to automatically link users who have verified username/password accounts.

For example we are considering the following options

  1. Turning off Username/password signups while still allowing logins. (we currently have many username/password accounts)
  2. Turning on rule with forced email verification and editing the Email verification template to be clearer to what the user is doing.

Option 1 is more secure we believe.

Thanks for sharing that feedback! Let’s see if there are more people interested in such feature!