Company
Date Published
Author
Alex Norman
Word count
511
Language
English
Hacker News points
None

Summary

Kinde uses one-time passcodes (OTPs) rather than magic links for passwordless authentication because of several security concerns specific to magic links. Both methods eliminate passwords and rely on the user's access to their email, which is more secure than relying on traditional password storage. Magic links, however, carry additional risks: session hijacking if authentication is completed on a different device, susceptibility to phishing because links can be swapped out in transit, and accidental expiration when antivirus products or email scanners prefetch the URL. These factors make magic links less secure and less reliable, so Kinde favors OTPs, which it considers simpler and safer because they mitigate these specific risks.