Ancestors

Toot

Written by Simon Jaeger on 2025-01-24 at 23:29

Tech companies: Be careful not to use the same password everywhere. Use a password manager.

Also tech companies: Our login form has the email and password on separate pages and no matter how many times you click the "remember me" checkbox, we'll never remember your email. Also your password can't have these arbitrary characters in it because our chief of password operations was underpaid and undercaffeinated when we wrote this authentication system in 1995.

=> More informations about this toot | More toots from simon@procrastodon.net

Descendants

Written by James Scholes on 2025-01-24 at 23:33

@simon Does having the password field on a separate page prevent you from using an auto-filling password manager? I still use a manual copy/paste one on desktop, so not sure.

=> More informations about this toot | More toots from jscholes@dragonscave.space

Written by Simon Jaeger on 2025-01-24 at 23:35

@jscholes It doesn't prevent you, but password managers like Bitwarden have the email or username stored as well, so it does cause me to have to manually enter the email address. And these fields are inevitably not tagged properly so iOS doesn't offer to autofill the email.

This might be exasurbated by my using a PIN for my password manager. I guess if I didn't, I could just fill the email in a single tap. But that seems like a necessary security measure.

=> More informations about this toot | More toots from simon@procrastodon.net

Written by Mikołaj Hołysz on 2025-01-24 at 23:37

@simon @jscholes Huh, Safari on Mac and its built-in password manager actually knows how to deal with that somehow.

=> More informations about this toot | More toots from miki@dragonscave.space

Written by Mikołaj Hołysz on 2025-01-24 at 23:35

@simon How else would you handle non-password-based authentication systems, if not with separate pages?

=> More informations about this toot | More toots from miki@dragonscave.space

Written by Simon Jaeger on 2025-01-24 at 23:40

@miki Hmm, I guess that's fair. I don't know what else the login systems I'm using actually support. I only ever use passwords.

=> More informations about this toot | More toots from simon@procrastodon.net

Written by Mikołaj Hołysz on 2025-01-24 at 23:44

@simon Enterprise authentication systems. Microsoft Entra, Okta and so on.

If you try logging in with an enterprise account and they have that set up, you'll be redirected to their auth system instead of having to type in a password.

=> More informations about this toot | More toots from miki@dragonscave.space

Written by Enema Cowboy on 2025-01-25 at 16:02

@simon

Also, "we require that you change yor password periodically for no justifiable reason.

@Lazarou

=> More informations about this toot | More toots from Enema_Cowboy@dotnet.social