Recently finished a side project and I was glad I could go with pure login/pass auth. No email no oauth, just a pass phrase for account recovery. It's refreshing and so damn simple.

[–] Xziz@lemmy.world 8 points 1 month ago

A lot of motherfuckers typing in code with a keyboard need a beating with said keyboard.

If a programmer can’t get a login form right they need permabanned from ever shipping another release.

[–] kandoh@reddthat.com 7 points 1 month ago (1 children)

Very few things on the internet and computer actually need accounts. Everything requiring a login is a cancer.

[–] teaHead74@programming.dev 5 points 1 month ago

Yes and no in most cases it is used to limit misuse somewhat but i absolutely agree that its taking over hand. God bless trashmails.

[–] 13igTyme@piefed.social 6 points 1 month ago* (last edited 1 month ago) (1 children)

It's over the phone, but the "We'll send you a text to confirm your identity if you provide a phone number." Has got to be one of the stupidest wastes of time.

load more comments (1 replies)

[–] maniclucky@lemmy.world 6 points 1 month ago

Worst one I've seen: username and password plus a 2FA email, BUT if you hit enter instead of clicking the last button it refreshes the page.

[–] RamenJunkie@midwest.social 6 points 1 month ago

Also, those stupid annoying modern log in pages where it just asks for your email, then refreshes to a page with a password, because the password managers are hit and miss on detecting the log in form when it does that shit and why the fuck are we doing an extra step oage anyway????

[–] TheObviousSolution@lemmy.ca 5 points 1 month ago* (last edited 1 month ago) (13 children)

On the other end, there is an excessive use of 2FA with systems for whom the concept of SSO seems to be a foreign thing. It's also sort of funny that 2FA can just mean using a TOTP capable password manager, reverting it back to one factor.

load more comments (13 replies)

[–] bamboo@lemmy.blahaj.zone 5 points 1 month ago (1 children)

I can imagine that the sites want to validate that you still have access to the email associated with the account, and asking people to check their settings is annoying, and they know no one will do it. I can also imagine that sites want to know as much about you as possible, don't want you to be using burner email addresses, and are probably selling the fact that your email address can still receive email to marketing firms who compile that info.

[–] Sprinks@lemmy.world 8 points 1 month ago

Annual/routine email verification fills that need, though. For the sites i do support desk for, an email verification link is sent during account creation and then annually. If the email address is not verified then on login the account holder is prompted to either resend the verification link or change it and verify the new email.

[–] baller_w@lemmy.zip 5 points 1 month ago (1 children)

Passkeys or oauthn/fido. I just can’t believe we’re still talking about passwords in 2025 when these very robust, user friendly features have been widely available for years.

load more comments (1 replies)

[–] slut@lemmy.world 4 points 1 month ago

Exactly

[–] justOnePersistentKbinPlease@fedia.io 4 points 1 month ago

But if they don't get an active email and/or phone number.

How can they then turn around and sell that to info brokers and spammers.

load more comments