• orca@orcas.enjoying.yachts
    16 hours ago

    Here’s my recent favorite:

    • Try to log into site
    • Tells me my password is wrong… uhh okay
    • Try to reset password by auto-filling a new one from my password manager
    • New password set successfully! Yay!
    • Try to log in again… fail. Wrong password… fucking what…?
    • Realize that their password field was clipping the password length off at some max length not fucking mentioned anywhere, so I have no clue what the actual password is without trial-and-erroring, which then results in an account lockout again

    I’m a programmer and this kind of blatant stupidity from massive companies pisses me off to no end. MAKE YOUR PASSWORD REQUIREMENTS CLEAR. MAKE YOUR UX CLEAR.

    • MisterFrog@lemmy.world
      11 hours ago

      Maximum password lengths at anything below 64 characters grind my gears.

      Signed up for a bank account once that limited you to 12 characters. 12. And you could only choose from like 4 special characters.

      No 2FA. No no. But the customer service agent pointed out they require you to also use a 6-digit second password!

      That’s an 18-digit password where 6 of them must be numbers.

      Absolute travesty.

    • d00phy@lemmy.world
      16 hours ago

      • Doesn’t show password requirements until after first attempt is rejected
      • Password expiration w/o any alert
      • Arbitrary password length requirements (specifically max length)
      • Arbitrary character requirements (particularly disallowing or only allowing a certain subset of special characters)
      • Only offering SMS as “2FA”
      • Using email “2FA” on every. Login. Attempt. And offering no real 2FA alternative.

      All of these are reasons I will look to move my business to a competitor.
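
The silent-truncation failure described in the first comment, reproduced as an added example that is not from any poster or site in this thread: a reset path that clips the password before hashing while the login path hashes the full input, next to a variant that refuses over-length input and states the limit. `MAX_LEN`, the class names and the sample password are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

MAX_LEN = 16  # assumed limit for this sketch; the thread never names the real value


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hash a real site would use.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TruncatingSite:
    """Reset path silently clips input to MAX_LEN; login path does not."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.stored = None

    def reset(self, new_password: str) -> str:
        self.stored = _hash(new_password[:MAX_LEN], self.salt)  # silent clip
        return "New password set successfully!"

    def login(self, password: str) -> bool:
        if self.stored is None:
            return False
        return hmac.compare_digest(self.stored, _hash(password, self.salt))


class ExplicitSite(TruncatingSite):
    """Same limit, but over-length input is refused with a message stating it."""

    def reset(self, new_password: str) -> str:
        if len(new_password) > MAX_LEN:
            return f"Rejected: password must be at most {MAX_LEN} characters."
        self.stored = _hash(new_password, self.salt)
        return "New password set successfully!"


def demo() -> dict:
    generated = "k3!Vq9#xTz7@Lm2$Pw8&Rb4"  # constructed 23-character sample
    bad, good = TruncatingSite(), ExplicitSite()
    return {
        "bad_reset": bad.reset(generated),                    # claims success
        "bad_login_full": bad.login(generated),               # user is locked out
        "bad_login_clipped": bad.login(generated[:MAX_LEN]),  # only the clipped form works
        "good_reset_long": good.reset(generated),             # limit is stated up front
        "good_reset_short": good.reset(generated[:MAX_LEN]),
        "good_login_short": good.login(generated[:MAX_LEN]),
    }
```
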