You know... I put great thought into the login system. I can to the conclusion that username/passwords are the greatest security risk, much greater than an email leak.. When it comes to passwords, very few people use truely unique ones. They always have some kind of personal touch; name of your dog, street... sure some numbers mixed in. Worst case, its the same accross the lot.. Now a days, with the speed of GPU's and hash rates, even one password can be used to build a dead on balls list of pretty much EVERY password you might/would use..
That is true, people are using weak passwords or they use one pass for all approach
I am not against login system that uses email address links, but I dont see anything wrong with people changing and adding usernames, login process would stay the same.
So having email links- no passwords... is the right route. I'm shocked it's not the standard.
And what happens if email address in hacked like it is happenng all the time? People can lose this standard and much more