Email: Also email a 'Login Link' the user can just click. #50
Description
This will avoid the awkwardness of remembering or copypasting a code when switching between apps on mobile.
Not as a full replacement for code, offer the code as well if they prefer it, but as a convenience thing.
We'll also want to confirm that the actual link clicker is coming from the same IP and User Agent that the initial first step of the login came through -- or maybe has a 'part1' cookie set or something -- just in case the email is exploited, we don't want someone quicker on the draw to click on the link and hijack the login.