HEY BUT DO YOU WANT TO USE A PASSCODE?? PASSCODE! PASSCODE! USE THE PASSCODE! -_-
Yeah what the hell is up with that one? Seems so sketchy
Passkeys are okay, but your browser and OS want you to use them because you can’t just take a passkey to another platform, you have to create a new one, and it’s a pain in the ass.
It’s a lock-in gimmick latching on to a real useful solution.
Ah but you see it’s one factor of authentication that also conveniently loops in whichever email provider is spying on you
Or worse:
Use email link -> use password instead
Enter password
Now enter the code that we sent you your email…
The best I’ve seen was yesterday where a website had the log-in button greyed out after the password manager filled my creds in.
So I had to manually click both the email and password field. Just click them. Then it enabled the log-in button.
So someone took their time to write a piece of JS that said “If the user hasn’t focused both fields at least once, no login”. Literally why? Extra code that does nothing useful.
I was hoping passkeys would be the solution to this madness, but it seems to me the entire spec gives too much power to the OS Makers and too little to the users because “mUh AtTtEsTatIoN” so now I don’t know anymore
I’ve definitely run into that. Even more frustrating is when there was one particular site that forced me to actually delete the last character of my password and then retype it. Just focusing in the field wasn’t enough, I had to actually send it a keystroke. And Ctrl-V to paste the password in manually didn’t count. I suppose typing a random character at the end and then deleting it would have worked too.
When ctrl+v is disabled to “prevent brute force bots” or something ridiculous
God I hate those stupid magic links. They’re WAAAAYYY slower than just using my password manager.
AND they kinda contribute to locking you into Big Tech. I sometimes have problems with those stupid links because I don’t have a Gmail account. Somewhere along the stupid chain there’s probably some stupid check that delays or blackholes emails to non-big-tech domains.
Based.
Email is terrible. It’s an unreliable communication system. You cannot depend on sent emails arriving in the recipient’s mailbox—even the spam folder.
People incorrectly assume that all emails at least get to their spam folder. They don’t. There are multiple levels of filters that prevent most emails from ever making it that far because most email traffic is bots blasting phishing links, scams, and spam. Nobody wants phishing and scam emails, but the blocks that prevent those are being used by big tech to justify discriminating against small mail servers.
I can’t remember the site, now, but I literally couldn’t log into one this week because the email never arrived.
alternatives to passwords are just excuses to harvest info
Passkeys ❤️
If they arent on a USB stick, protected against being copied, they are only a single factor that instill false safety.
Passwords are a single factor, and passkeys are an easier-to-use single factor with the benefit of not being susceptible to brute force, dictionary attacks, or guessing.
Also This strange trend to split username and password on to two separate pages, or only showing the password field after confirming the username
That ones because users like choice. They need to look up who you are to know how you’ve chosen to authenticate. At least, that’s how it started. Some could be doing it because the big kids are, but that’s why the big kids do.
And they support choice because businesses want to use their login infrastructure and refuse to share. So you enter “user@businessOrUniversity.com.edu” and it forwards you to your institutional login.This is because of Enterprise Single Sign On. You can try this for yourself by going to https://gmail.com/ and enter the email of a public person at a large org, for example the CEO of Doordash (
tony@doordash.com). After you enter the email, you get sent to Doordash’s employee portal to authenticate. Based on the email you provide, Gmail has to figure out if you need to provide a password to gmail itself or if the email authenticates another way.It’s not like you can’t add a “Log in with your company’s SSO” button to the form. That works just fine and at least Microsoft does something like that.
No it doesn’t work fine, because it confuses people, and provides the potential for working-around SSO.
- Username
- Password
- MFA
- Do the whole process all over again because the remember this device is on step 2 and it’s impossible to go back
Bonus stage 0: special login URL decided to crap out, and going back to any point in history automatically redirects to the error page that you can’t use to log in, so you need to keep going back and trying to copy the URL before it redirects becausw Firefox interprets pressing “stop” as “do whatever you want idk”
Fucking aws…
I generally get bored and forget what I’m doing so the page refreshes.
You forgot step 2.5: incorrectly identifying stoplights 6 times in a row.
Oh fuck, the stone piles -thing is the worst of those. Tiny images, badly generated so you can’t see shit, multiple rounds that have six or so images each round, you can’t make a single mistake, and you get to know did you make any mistakes only after completing all of the rounds. It’s straight up abuse
Once I had to try over five times and still kept failing, so I just gave up. I guess I’m not a human anymore
I actually like seeing those, when I have time, because I assume they are training ai with it and using my selections as tagging data. Pick all the cars: nope, everything but cars.
I’m probably the reason you fail, because I’m poisoning the data and reducing the confidence scores for the tags.
I remember when doing those captcha felt like improving computer science and that was a positive thing, teaching computers to see. How quickly we’ve fallen.
You’re probably getting flagged. You have to be just slightly off. Miss one or two by a square or two. And remember that image so you repeat it every time.
It took me years to learn that you’re supposed to do them very slowly. Otherwise it will keep bothering you to fill out more. Pretend you are 80 years old and you’re good to go on your first try.
Not that strange. Different users may belong to different groups which may have different authentication backends. The associated authentication method is brought up once a username has been provided.
Yes, but, it also lets them slurp up email addresses. Routing users is legit tho.
Very few things on the internet and computer actually need accounts. Everything requiring a login is a cancer.
