1. bind user to email

2. allow login via magic link via email, after login the jwt/cookie/whatever should have no expiration date

3. (optional) allow one user to have multiple emails + merging accounts/users (call it backup email to collecr multiple user emails in advance, soft nudging only, not mandatory to use the product!)

4. (optional) offer any other way to login (un+pwd), google oAuth…

It‘s THAT easy.