Comments
-
This is exactly why separating the login flow into identification and authentication is so common nowadays. Such flows are way more ergonomic when authentication methods vary.
-
Exactly the same thing it says if a password user enters an email and an incorrect password. Minimise the information you might inadvertently give to an attacker if you told them the specifics.
-
TheNewGuy (3y): I do not know if I totally miss how social logins work:
from my experience you talk about single-sign-on in the end:
- the authority is the social network
- no login will happen on your side
- your website will forward your user with a challenge/nonce to the social network login/site
- this side will do validation with the user and then forwards back to your side (with an authentication token that encrypts the challenge/nonce and informs your website authority about the fact 'user authenticated on our side and is who he says he is')
- then you give the user your token
In the end everybody was happy and no password *field* was needed
Am I mistaken in some way?
-
ctnqhk (3y): @TheNewGuy We have both social login and email/password. Most of our users are on the older side. So there was a high chance of someone signing up using social login, forgetting that’s how they log in, trying all sorts of email/password combinations, and calling customer support because they can’t log in to their account.
-
TheNewGuy (3y): @ctnqhk
Oh man, those layer 8 problems ^^
I feel you
-> maybe a careful change in the UI could help to distinguish
(e.g. a popup/other ui-addition that hints: you made three invalid logins, maybe try the NEW social login)
.. but users can not be helped sometimes :/
-
ctnqhk (3y): @TheNewGuy This company cannot be helped. The create an account and login forms are on the same web page and are side by side. I’m all…why???
-
TheNewGuy (3y): @ctnqhk I am no designer and I do not know much about design
I really wonder in which field such a UI is common
(Implicitly I expect that nobody would a priori believe such a design should be adapted; coming from separated pages for sign up and login)
-
@TheNewGuy It's actually fairly common because many clients believe that having more stuff on the same page is simpler. I generally tend to agree, my choice of a username is determined by whether I'll have to authenticate with it or I can use the email, so seeing the login form while I register is useful. It's perfectly pointless to build an app out of a hundred views with a single centered textbox. Google did it because they wanted to create an impression of simplicity, but if your app isn't actually as simple then it's just unnecessary navigation.
This is what happens to overworked PMs.
Me: When users create accounts with social logins, they don’t have passwords in our database. If they try to enter an email and pw on the login form, what do you want the error message to say?
PM: Can we add a modal that says “Your account doesn’t have a password, set one now.” And have a password field?
Me: ☠️ That…would…allow…anyone…to…hijack…an…account…
PM: Right. Never mind.
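
An added example (not part of the original rant or the site's code) of the behaviour the thread converges on: the login form returns one generic error whether the password is wrong, the account is social-only, or the email is unknown, and a password can only be set from an already-authenticated session. The user store, function names and sample accounts are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid email or password."

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password=None):
    """Constructed user record; social-only accounts store no password hash."""
    if password is None:
        return {"salt": None, "pw_hash": None}
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt)}

# Constructed sample data (assumption: an in-memory dict stands in for the database).
USERS = {
    "pw@example.com": make_user("correct horse"),
    "social@example.com": make_user(None),  # signed up via social login
}
# Random throwaway record so every attempt costs one hash computation.
_DUMMY = make_user(os.urandom(16).hex())

def login(email: str, password: str) -> dict:
    user = USERS.get(email)
    has_password = bool(user and user["pw_hash"])
    record = user if has_password else _DUMMY
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["pw_hash"])
    if has_password and matches:
        return {"ok": True, "error": None}
    # Same response for wrong password, social-only account and unknown email.
    return {"ok": False, "error": GENERIC_ERROR}

def set_password(session_email, target_email: str, new_password: str) -> bool:
    """Allowed only for a session that already authenticated (for example via
    the social provider), and only for that session's own account."""
    if session_email is None or session_email != target_email:
        return False
    if target_email not in USERS:
        return False
    USERS[target_email] = make_user(new_password)
    return True
```

The PM's modal corresponds to calling `set_password` with no session at all, which is the case the first check rejects.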