Here, I encounter another damn bad and wrong website that dropped their password entirely for user login -- it's now only entering a phone # or your email address and having them send you a code -- AS IF YOU DO NOT HAVE A PASSWORD IN THEIR SYSTEM.

This process is far, far more annoying than just using passwords like normal websites.

Why in hell is this trend being shoved down our throats? It's terrible UX, and just stupid.

#websites #web #webdev #webdevelopment #UXUI #userexperience #idiots #fail #baddesign #internet #tech #webapps

@blakespot I see you too use the Safeway web site.

Isn't it so much better to not be able to use autofill on your password manager and instead wait several minutes to get into the web site to do something minor and now you'll just say forget it and go use some other service?

@blakespot “We don’t know how to hash passwords or protect your data. If your email gets hacked, that’s your problem, not ours.”
At least that’s what I assume the reasoning is whenever I come across it.

And isn’t this why passkeys were created? No password to fret over for the company, but still allows password manager usage and immediate log in.

@mez @blakespot There's also "we don't have to worry about reused passwords", which is a pretty strong incentive IMO.

Passkeys are a mess. In general, portability is a mess unless you are happy trusting everything to a single company's ecosystem/account recovery process — AIUI none of the major providers have an "I'll do my own backups" option. As a specific example: iOS doesn't let you use them unless you enable iCloud Keychain, but "secure iCloud Keychain recovery" only requires knowledge of *any* of your device's passcodes (or I guess login passwords for a Mac) and a bunch of CCTV cameras have captured that since Apple does not support face-unlock-while-masked for the iPhone 11.

And the only significant advantage for users (over random password-manager-generated passwords) is that they might be harder for malware to steal if the implementation happens to be hardware/TEE-backed.

@blakespot And if you ever lose control of your phone number or need to change it because of harassment or an imminent danger, you are absolutely screwed six ways from Sunday.

Your social security number has been replaced with your phone number. It may be just as bad.