It would be interesting if email started adapting to this new use. For example, if we standardized around these login emails being sent from login@url.com, then you could set up a rule to automatically delete any email from login@url.com after 5 minutes. Over time, if this caught on, you could imagine this being standard practice by email clients vs. a custom rule.
This of course only solves problem (1) that you mentioned and possibly(?) (2) partially.
It occurs to me that this is kind of an interesting evolution of systems like 1Password, where the user experience is very similar: you have one password that gives you access to other passwords. Similarly here, your "one password" is your email password, and that gives you access to what is conceptually a new password on every login (vs a pre-generated one).
I wonder if we couldn't solve 3 and 1 together by creating a "login email provider". For example, pretend dropbox wanted to offer this service. Dropbox gives you an @dropbox.com email specifically for logging into places. When a login email was sent to you, you would go to dropbox and navigate to the logins tab, which would have a very non-emaily interface showing you the last login links that were sent to you (again, auto deleted after 5 minutes -- and since this is not meant to be used as normal email there is no expectation for them to last longer). If websites only supported "known" services like @dropbox.com for this kind of login, then the (3) could be solved. Maybe to make things even clearer, the .login TLD could be used or something.
You could accomplish a lot of this with a Chrome extension that operates on your gmail window. Heck, it could even listen for login emails and open the tab automatically when they arrive.
This of course only solves problem (1) that you mentioned and possibly(?) (2) partially.
It occurs to me that this is kind of an interesting evolution of systems like 1Password, where the user experience is very similar: you have one password that gives you access to other passwords. Similarly here, your "one password" is your email password, and that gives you access to what is conceptually a new password on every login (vs a pre-generated one).
I wonder if we couldn't solve 3 and 1 together by creating a "login email provider". For example, pretend dropbox wanted to offer this service. Dropbox gives you an @dropbox.com email specifically for logging into places. When a login email was sent to you, you would go to dropbox and navigate to the logins tab, which would have a very non-emaily interface showing you the last login links that were sent to you (again, auto deleted after 5 minutes -- and since this is not meant to be used as normal email there is no expectation for them to last longer). If websites only supported "known" services like @dropbox.com for this kind of login, then the (3) could be solved. Maybe to make things even clearer, the .login TLD could be used or something.