Why the switch to passwordless login?

Having had a number of security concerns around brute force attacks (none were successful), we've had to implement a new method of logging in which does not give attackers a way of trying to attack passwords.

It requires you enter your email and click on the button. This will send you an email with a login link. Once you receive that email simply click on the link to be automatically logged in.

This log in link will be valid for a full 30 days and once logged in you will be logged in for a full 30 days. In addition, when you are already logged in and access the site your 30 days will be reset.

Practically, this means that if you log in now and then close your web browser, and then visit the login page at a later stage before the end of the month, it will automatically log you in without needing to get another email. Not only that, but it will have reset the 30 day period meaning that when you go back to the login page tomorrow or the next day you will still be logged in.

Effectively this means you will remain logged in, as long as you check in at least once within a 24 hour period and you're not using private/incognito browsing.