Transcript
A tumblr post saying "i really like this thing where websites will have separate “log in” & “sign up” buttons and if you click “log in” it takes you to a sign-up screen anyway so you have to click “i already have an account” and then it will ask if you want to sign in with your facebook account or with instagram or linkedin or deviantart or whatever, and if you choose “username & password” it asks if you want to put in your username or use your thumbprint, and once you put your username & password it emails you a confirmation code, and once you put in the code it says “do you want to give us your phone number for future sign-ins? do you want to sign up for facial recognition? do you want to give us your bones? give us your fucking bones?”
And whoever came up with the idea of putting email on one page and password on another: You suck.
I can never get my password manager to handle that proper. WTF is even the point?
I came to the comments to post this exact complaint. I’m sure it’s considered more secure somehow, (maybe to prevent autofill attacks?) but at least code your fields properly so my password manager can auto detect the username field.
Also, phone number/ZIP code fields that pull up the full keyboard on mobile, instead of just the number pad. There’s no reason to show the entire keyboard, and phones have the ability to detect what kind of input the field wants… But website devs don’t bother coding their fields properly for numbers only, so the phone pulls up the full keyboard by default.
Lastly, 2FA fields that break paste. Like when it’s asking for a 6-digit TOTP code, and the field is actually broken up into two 3-digit fields instead.
countries with alphanumerical postal codes exist, so unless you are 100% sure, that your service won’t be used by someone from such a country, you’d better allow alphanumerical inputs in your postal code field. Addresses in general are tricky, because they work different across the globe, for example house numbers are not a thing everywhere, hell i am not sure if streetnames are a thing everywhere.
Feels like a security issue to me. You could put in literally anyone’s email address on a site that does this and immediately know if they have an account there or not. Even if you don’t know their password, you know something new about that person.
I feel you on all these other ones too. There’s a lot of UI/UX designers out there that need to be barred from that field forever.
in the uk post codes have letters
its because of SSO. if your company signs up for something that implements SSO then the tool will need your mail, recognizes that you‘re from company X, and forward you to yoir companys login page so ot can get an auth token
Yes, this, but I don’t think just for organization’s login pages. The email may also lead to a google sign in (for example) or some other single sign on (SSO). The site you are on needs to know the email to decide what to show next to continue the log in process.
That said, web devs should be coding the fields correctly.
sure, the company was just used as an example for people who dont know the term SSO
Github doesn’t use two screen login but also still works with sso.
KeePassXC lets you edit the auto-type for each individual password, so you can have it go
{USERNAME} {ENTER} {DELAY X} {PASSWORD} {ENTER}
x would be a number of milliseconds you may need for the next page to load in
Usually it’s because some chucklefuck put SSO in the requirements so now everyone has to suffer so that SSO users get their redirect before being shown a password field.
Sometimes though it’s an absolutely braindead web designer who definitely doesn’t have SSO as a requirement but has no idea what he’s doing and is just doing the mr-bean-cheating-on-a-test.gif and copying their Microsoft login form.