The whole one-time link thing is great, although I also like and would still want two-factor authentication(2FA) on anything that offers it. It allows me to pause, take a moment and reset all X passwords that I haven’t changed within the last 6 months (according to whichever password manager is taking my fancy at the moment). 2FA makes things slightly harder, as to my knowledge there has yet to be a successful hack of a 2FA system that has gotten to the presses attention. That’s not to say it hasn’t happened of course. Here’s hoping it doesn’t happen soon.