Mastodawn

- do you want to use google to sign in?
- do you want to add a passkey?
- do you want to add a 2FA token?
- we know you have 2FA but we've sent you an email instead
- this login attempt seems suspicious we've sent you a text about it
- can you click on these buses?
- you failed to click on the buses click on these bicycles instead
- should we save these details for next time?
- do you accept these trackers?
- you can opt out but we've decided it's legitimate interest anyway
- would you like to see a list of our 847 partners we share your data with?
- can we send you desktop notifications?
- can we access your location?
- do you want 10% off for signing up to the mailing list?
- do you want me to translate this page?
- hi I'm your friendly chatbot how can I help?
- oh no you can't buy this, reach out to us for a quote!
- do you want—

I'm tired boss

Judah Hansen Feb 21

@lichendust This service comes with hitting-you-in-the-head-with-a-frying-pan technology (don't worry, you can opt out by verifying your email and contacting our legal team!)

Man aging with 🏳️‍🌈 progress Feb 21

Sign in using 2FA hardware token, receive email "We've received a suspicious login! Click here to confirm it's you"

ffs, I used my bleeding hardware 2FA token; yes, it's me.

Man aging with 🏳️‍🌈 progress Feb 21

Even worse:

Attempt to sign into website on which I have my hardware 2FA configured. Correct password gets rejected. Oh, look; they sent me an email because they "don't recognize the computer" or "it's a sign-on attempt from a new location". I have hardware 2FA configured; don't fecking email-2FA me. I have hardware 2FA set up for a damned reason!

@praxiscode @lichendust Github has another trick: My (correct) password is rejected ever since I configured a passkey. I can still change the password after logging in with the passkey, but it is only ornamental.

ಚಿರಾಗ್ 🌹✊🏾Ⓥ🌱🇵🇸 (he/him)Feb 21

@lichendust On the desktop, I use uMatrix (technically unmaintained) with deny-all as the default. So useful for cutting down on so much of this!

Ambulocetus Feb 21

@lichendust "It looks like you are using an ad-blo-" CLICK

Akin to.. Just sign up to continue reading this article.

Ari [APz] Sovijärvi Feb 21

@lichendust Are you tired? We have a solution for you! Our brand new AI can sort all this out for you in no time! No need to think for yourself any more.

Stéphane Audic . For Hire Feb 21

@lichendust Even creating a gmail address has become a nightmare...

Flamekebab Feb 21

@lichendust if your site only has a form to ask for a quote, you're dead to me. If I could afford you then you'd have a price.

@lichendust we see you made a purchase would you like to add a worthless protection plan and these completely unrelated items

@lichendust All questions to make more money. Nothing there to actually support YOU.

Greys Abiding 🎹Feb 21

@lichendust 'Text 'STOP' to get on our list of people who actually respond to text messages.'

@lichendust "you've successfully authenticated with your passkey. please enter your 2fa code."

jfc i just remembered that nextcloud does this & i only forgot because you can touch your yubikey instead of entering a code

mapleleafroundel

@lichendust I have a headache by the SMS 🤕

@EdwinG @lichendust Is that because SMS is ridiculously bad for 2FA, or just because it's ghetto?

Ian Bradbury 🇬🇧🇪🇺Feb 21

@lichendust - I see you’re using an ad blocker. Click here to pay a small fee in order to watch this 15 second short, into which we’ll inject 3 pre-roll adverts.

Martin Enders (he/him)Feb 21

@lichendust hahaha I feel this pain

Michael McWilliams Feb 21

@lichendust The password field does not allow you to see what you typed. Even though you are at home and alone in the room.

John Deters Feb 22

@MichaelMcWilliams @lichendust They also disabled copy in the "type the new password twice" fields, so if you use a heckin' strong password generator that didn't include their special characters, and you fix it by hand, you won't see that the copy of the fixed password never happened and you're still pasting the bad one.

I want to spray those idiots with honey and spill an ant farm under their desks.

Lilith Ashley Nyx Arson

@lichendust please don't leave! check out now to save 5% off your order

IAmTorva Feb 21

@lichendust For me the most frustrating was logging into Microsoft Authenticator on a new phone. With no access to the old one.

- You have 2FA configured.
- You must use 2FA to login.
- Cannot use 2FA - Use alternative method.
- To use alternative method, you must login first.

Back to the start
- You have 2FA configured.
- You must use 2FA to login.
- Cannot use 2FA - Use alternative method.
- To use alternative method, you must login first.

Resetting 2FA didn't break the loop. Instead, they still expected me to use Microsoft Authenticator to login to Microsoft Authenticator.

The only way out of this loop was to use Google Authenticator.

Kerr Avonsen (she/her)Feb 21

@TorvaFirmus @lichendust This demonstrates exactly why a phone is a Single Point of Failure.

Why don't they teach them comp.risks at these schools?

Yenn dc ☂️Feb 24

Just use Aegis. Much better than either of those. ;3

IAmTorva Feb 24

@yenndc Never heard of Aegis. Who owns that?

Yenn dc ☂️Feb 24

Aegis Authenticator?

It's GPL-ed software, so no one, at least in the usual sense. 😉
There isn't any corporation backing its development either (AFAIK).

You can check its "promotional website": https://getaegis.app/

Or it's code repository: https://github.com/beemdevelopment/Aegis

As a little green flag, it's available on F-droid as well: https://f-droid.org/packages/com.beemdevelopment.aegis

Aegis Authenticator

Aegis Authenticator is a free, secure and open source app for Android to manage your 2-step verification tokens for your online services.

LittlePolarBear Feb 21

@lichendust
Your email is suspicious! Please provide all these details to identify yourself before we can sell you our stuff.

Thomas Thyberg Feb 21

@lichendust
"- would you like to see a list of our 847 partners we share your data with?"

"You can opt out by toggling them individually"

@thyberg “Or you can just ‘continue without accepting,’ but then the 754 of them that have ‘legitimate interest’ will stay on.”
@lichendust

:kura_explode:Feb 21

@lichendust hi tired boss, do you want to use google to sign in ?

Nic3 🇪🇺Feb 21

@lichendust hahaha jaaaa

Curioso 🍉 🇺🇦 (jgg)Feb 21

I miss the days when I could sign in with Google 2FA at work.

Now we are using Microsoft 2FA, and it is a fucking nightmare. Sessions get lost, half of the time the it refuses the login because of who knows why, and when it goes right it is even more cumbersome than Google's.

mousebot Feb 21

@lichendust gaslighting, abuse...

Dragofix Feb 21

@lichendust If your privacy settings are very good, this

"you failed to click on the buses click on these bicycles instead"

could go on for 6 (very slow) rounds and still fail and you have to start again. 🤣

Ashwin Dixit Feb 22

@Dragofix @lichendust

"Hmmm...seems like you are nearly blind. Would you like the audio version of captcha instead? It's called gotcha."

Dragofix Feb 23

@purrperl @lichendust 😂

Janeishly Feb 22

@Dragofix @lichendust Yep, I get that a lot. Extremely frustrating, but an exercise in just not accessing whatever it is and being content with that

Dragofix Feb 23

@janeishly @lichendust Indeed. I could swear that it doesn't even matter if you click on those perfectly right as long as you don't click too many wrongs. The trick is somewhere else. The clicking part is just cosmetic. 😁

Pseudo Nym Feb 21

It's extremely ironic that the AI image parsers have gotten good enough to solve the captcha that humans can't.

Why did I open this page? Don't remember, close tab.

@robelix @lichendust

This is a real issue. And I can feel for those with ADHD out there.

For every new thing I'm doing, I open a new browser window, so all tabs in that window are related to the topic. the first tab is a web search, with the search phrase of what Im doing (of course the search engine is Qwant, DDG, Brave or Ecosia). subsequent tabs might be the rabbit hole for that topic, but at least im not forgetting shit 🤪

Ciourte Piaille Feb 21

@lichendust "do you want me to translate this page?" is still nicer than the ones who just decide you'll get the awkward automated translation without telling you and, somewhere, have an icon that opens a menu to disable it and see the original content.

@lichendust oh, you didn't want to sign-up for the newsletter? Well too late, you're already subscribed.

Oh, you want to unsubscribe? That'll take 5-10 business days

Cookiefiend Feb 21

@lichendust And never the option I always want:
No. Now fuck off and die.

Cadbury Moose Feb 25

@LPerry2 @lichendust

This moose is getting very tempted to drop any site that demands a signup to read stuff straight into /etc/hosts forever.

3:O|>

Jargoggles Feb 21

@lichendust
And there's never an option to say no to any of them, only "maybe later."

kennebel Feb 21

@jargoggles @lichendust for the email newsletters, “we see you unsubscribed, why? … I don’t remember signing up for this” what crap, you know I didn’t, you bought my email from someone.

@kennebel @jargoggles @lichendust

thats because they're lazy assholes, and dumped all emails into the same list & now getting us to sort the stolen and bought ones!

@lichendust Anyone else find themselves batching online tasks so they have to log in less often?

@mike805 @lichendust

This is a much bigger #productivity question. I tag my tasks in my To-do list with "resource_internet" (yeah, sounds very 1990's). But Im working my way through the discipline of cutting through the shit thats thrown at us by today's internet! Im the target rabbit for every rabbit hole out there!

@viharm @lichendust I do some user support and login/password issues are one of the most common. Neither password managers nor SSO solve it.

People with password managers, do not know their passwords and cannot type them when they need to. They are helpless without the plugin. My encrypted text file does not have that problem.

SSO sort of works but the user changes their password and now has to re-login to mail, edit database connections in Navicat, update app passwords in Thunderbird, etc.1/2

@viharm @lichendust Google actually punishes responsible password policies in that changing one's Gmail password invalidates all the app passwords. If you had K-9 on a phone or Thunderbird on a PC you have to re-enter those.

Very often users get locked out of their databases and I have to remote and fix it.

They can even lock me out because my account is on their machine for support. If they try and fail to login as me by accident, my account gets locked and I have to fix it. 2/2

@lichendust we need your government ID, selfie from 3 different angles, fingerprints, feet pics and you to pay us 20$ monthly so you can distribute your application outside of our app store as an apk, thanks please!!
(https://keepandroidopen.org/)

Keep Android Open

Your phone is about to stop being yours. In September 2026, Google will block every Android app whose developer hasn't registered with them.

Jeff Atwood Feb 21

@lichendust wait do I allow cookies first