Why is Anthropic holding my credit card hostage, and why are there no passwords?

Detailed Analysis

A Reddit user posting to r/Anthropic has surfaced two distinct friction points in Anthropic's account management design: the apparent inability to remove a saved credit card from a billing account, and the platform's reliance on email-based "magic link" authentication rather than traditional password-based login. The post reflects genuine confusion rather than hostility, with the user methodically noting they checked billing settings, account settings, and help documentation before concluding that either a removal option does not exist or is obscured to the point of being practically unfindable. The dual nature of the complaint — covering both payment data control and authentication architecture — suggests these are not isolated edge cases but recurring structural aspects of how Anthropic has built its consumer-facing account infrastructure.

The credit card concern carries real consumer protection weight. Users who add payment methods to test a subscription or make a one-time purchase have a reasonable expectation of being able to revoke that stored financial data at will. The inability to locate a clear deletion pathway — regardless of whether one technically exists buried in the UI — creates a perception of financial lock-in that can erode trust. In regulated markets, particularly in the EU under GDPR and in California under CCPA, users have explicit rights to request deletion of personal data including payment information, and any ambiguity in that process creates potential compliance exposure for the company. The framing of the post title, "holding my credit card hostage," reflects a sentiment that, while hyperbolic, resonates with broader anxieties about data custody in subscription-based tech services.

The passwordless authentication critique reflects a genuine tension in modern identity management. Magic link and email-based login systems have gained traction across the tech industry — Slack, Notion, and others have adopted similar approaches — on the grounds that they eliminate weak or reused passwords and reduce credential-stuffing attack surfaces. However, they introduce their own dependencies: users must have reliable access to their registered email, cannot log in without a live internet-connected inbox, and may find the flow disruptive in enterprise or shared-device contexts. Anthropic's choice to forgo passwords is a deliberate security posture, not an oversight, but it sacrifices the sense of direct credential ownership that many users, particularly technically sophisticated ones, prefer.

Taken together, these complaints point to a broader pattern in how AI-native companies like Anthropic are making UX tradeoffs that prioritize security architecture and streamlined onboarding over granular user control. Anthropic's core user base skews toward developers and researchers who tend to have strong opinions about system transparency and data autonomy, making these design choices more conspicuous than they might be for a mainstream consumer app. The friction documented in this post is emblematic of a company that has moved quickly to build billing and authentication infrastructure sufficient for rapid growth, but has not yet invested equivalent effort in the offboarding, data-removal, and settings-transparency layers that build long-term user trust. As Anthropic continues to scale Claude's commercial reach, pressure to address these gaps — through clearer UI affordances, more explicit help documentation, and possibly more authentication options — is likely to grow alongside its user base.