draNgNon
antipatterns:
a) common and I know you hate it too: do not allow paste into the password box
b) less common but extremely enraging: do not allow 2FA pin to be entered from the num pad on an extended keyboard
c) convenience isn't worth it: ditch the "remember me on this computer"
d) epic's two-way connecting of two myhealth systems, one of which requires 2FA and one which doesn't offer it.
counterbalance with a good pattern: ask for the 2FA before prompting for the password
draNgNon
@mattly it hit me a couple months ago and I could NOT understand why I was only able to log in from my laptop... when I finally figured it out I was having a great despair
draNgNon
@mattly oh oh the other one, this is a more complex sequence
1. try to log in from a link in a legit email
2. fail. tell it to send you password reset email
3. "invalid email address" / "no such email address in our records"
4. "too many log attempts you are locked out"
5. 🤔 lock out the "unknown" email address, hm?
I am perma-stuck in that situation with a couple online accounts. one is a bank, and I had a VC meeting with the bank rep, and it still could not be fixed.
draNgNon
@mattly I can literally get the email for resetting the password, click on the link in the email, and be told that email address that was just mailed is unknown to the system. for (I hope) obvious reasons I am not posting a screenshot/video grab of it.
separately, mychart/epic is a nightmare of inconsistency from separate providers. perhaps add to your bingo: separate paths to login to account with different levels of security/2FA
anyhow it's all an excellent reminder why we have: ¯\_(ツ)_/¯
draNgNon
@mattly oh I saw you posting about that. Ugh, but DMCA? did you copyright all your photos?
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.