view the rest of the comments
Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
Here's one that annoyed me this week. Juniper - the enterprise router people - require you to have an account to do their training. That's a web account that won't let you use more than 20 chars in your password, and won't let you paste a password.
Not 2fa, I'll grant you, but it's from the same bucket of dumb insecure shit that you're talking about.
The fields where you can’t paste a password or any other types of data like credit card info absolutely kill me. It’s doing the exact opposite of adding any level of security and it’s just infuriating.
My favorite recently is my company has TOTP 2FA but you can’t paste the 6 digits. You have to type in one digit at a time, each being its own box. Paste fails in every browser I’ve tried. It’s just a shitty user interface.
A bunch of companies seem to be implementing that version (not being able to paste the 6 digits). It's just asinine and makes me think less of any product / company using that style.
I hate all of these things so much. Like somehow my clipboard (which any halfway decent password manager either doesn't use, or scrubs clean after use) is the weak link in the security chain.
I'll go one better to @digdilem@lemmy.ml's example: I once created an account on a "security" vendor's website (quoted, because they acquired security products, rather than developing them) that limited passwords to 12 characters. They didn't tell you - they just shortened it before (presumably) storing the hash.
Fun and fucking games trying to logon each time, when your password manager has stored the random 16 char password you thought you were setting.