@glyph Did you quote post something?
Uncategorized
903
Posts
312
Posters
0
Views
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph I had an astonishingly similar experience prior to passkeys. It was a nightmare to understand and navigate. Microsoft layered Passkeys on top of a mountain of shit hoping that suddenly the smell might be less obvious. It isn't.
-
granted, probably 1/3 of the difficulties here have to do with microsoft’s ill-conceived “think of the children” account system, and buying the game as a regular adult with a single account would have been massively easier. but still, you’d think that a PM somewhere in the org would have considered that it is *possible* that a child might want to play … minecraft
@glyph I went to play a little Minecraft recently and they had deleted my account with no path to recovery to play the game I paid for fair and square. I would never recommend people buy anything from them.
-
@glyph I went to play a little Minecraft recently and they had deleted my account with no path to recovery to play the game I paid for fair and square. I would never recommend people buy anything from them.
@mirth bummer :-(. the migration window was open for like … 10 years, but my spouse also almost missed it, and only caught it by luck. she either didn’t get, spam-trapped, or didn’t read the relevant migration spam and she only noticed that she needed to do a manual migration because she happened to get a new machine and thus lost her old-style auth cookie a few months before it closed forever
-
@morgan having created a google account in the dark times where I do not think a gmail address was necessary, I am frankly glad that they stopped allowing that. or maybe I did have a gmail account but also had another email I could log in with, but it absolutely never worked correctly
-
@morgan having created a google account in the dark times where I do not think a gmail address was necessary, I am frankly glad that they stopped allowing that. or maybe I did have a gmail account but also had another email I could log in with, but it absolutely never worked correctly
@morgan but yeah passkeys are absolutely ancillary to the main problems
-
*I* accidentally provisioned a passkey in this process somehow and I wasn’t even the one trying to authenticate
@glyph OK, that is *impressively* bad UX.
-
@glyph OK, that is *impressively* bad UX.
@xgranade I swear I am not doing it justice. I am making it sound quirky and fun and not the grinding misery that I experienced here
-
@xgranade I swear I am not doing it justice. I am making it sound quirky and fun and not the grinding misery that I experienced here
@glyph@mastodon.social @xgranade@wandering.shop they say tragedy + time = comedy, but this thread also suggests that tragedy + a montage cut = comedy because
-
@glyph I vaguely recall that microsoft has a company-wide mandate enforced by performance evaluations for all employees to "improve security". considering that security is a purely additive concept, it stands to reason that every new "two" factor challenge "improves security"
@aeva In all seriousness the fact that it seemed to still use push-notification MFA and emailing both links and codes even after provisioning passkeys, I do not know that I could have designed a better conditioning scenario for alert fatigue to ensure users are maximally primed to get phished as easily as possible
-
@aeva In all seriousness the fact that it seemed to still use push-notification MFA and emailing both links and codes even after provisioning passkeys, I do not know that I could have designed a better conditioning scenario for alert fatigue to ensure users are maximally primed to get phished as easily as possible
@aeva like mcc and I have a bit of a nuanced ongoing quibble about the value of phishing resistance and thus of passkeys. but it’s like this system was engaging in some kind of contest to figure out how to get all the UX complexity and unpleasantness of passkey auth but with a strict requirement that it must remain trivially phishable
-
@mirth bummer :-(. the migration window was open for like … 10 years, but my spouse also almost missed it, and only caught it by luck. she either didn’t get, spam-trapped, or didn’t read the relevant migration spam and she only noticed that she needed to do a manual migration because she happened to get a new machine and thus lost her old-style auth cookie a few months before it closed forever
@glyph It's pretty dishonest and probably breach of contract but in the US this tends to be how things go.
-
@glyph@mastodon.social @xgranade@wandering.shop they say tragedy + time = comedy, but this thread also suggests that tragedy + a montage cut = comedy because
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph I've had the immense displeasure of having to use sharepoint recently and it's truly a russian roulette of whether or not I'll be able to access a document I had access to the day before. hilariously the most reliable way to regain access is to *clear* cookies, aka logging out??
-
@glyph I've had the immense displeasure of having to use sharepoint recently and it's truly a russian roulette of whether or not I'll be able to access a document I had access to the day before. hilariously the most reliable way to regain access is to *clear* cookies, aka logging out??
@nebulos oh yeah up until about 8 months ago, I had to manually clear cookies on 10 different domains in order to even be able to log in on macOS safari. not obviously connected domains either. I had a whole checklist. it’s been a big upgrade to be able to auth without using dev tools
-
@nebulos oh yeah up until about 8 months ago, I had to manually clear cookies on 10 different domains in order to even be able to log in on macOS safari. not obviously connected domains either. I had a whole checklist. it’s been a big upgrade to be able to auth without using dev tools
@nebulos to be clear I am not doing a bit here, this is 100% literal. I have no idea why my account was in this state for years while most aren’t; I do know *most* aren’t
-
-
@nebulos to be clear I am not doing a bit here, this is 100% literal. I have no idea why my account was in this state for years while most aren’t; I do know *most* aren’t
@glyph everyone I know who uses sharepoint has at least a *little* bit of this problem, even if it's not quite so bad as 10 domains but idk wtf's going on at microsoft - I've seen more sensible engineering in my toilet bowl
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph … and woe betide you if you have the misfortune to both (a) be a teacher in a school system that uses MS infrastructure, and (b) have children studying in the same school system. This appears to be a use case that MS authentication is unable to account for. It doesn’t matter what you’re trying to do - you’re logged into the “other” system, and trying to correct things only makes things worse. Incognito browsing and/or completely separate browsers appears to be the only solution.
Ask me how I know.
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
@glyph this is the exact trick is why I won't use them.
(My daily driver is a windows machine. It's got this slime at the os level)
-
the folks trying to get open source developers to boycott github are barking up the wrong tree. just get an agent hired at microsoft who internally advocates to remove unnecessary duplication in the login systems. get a promo out of it, it totally makes business sense. require every current github user to use login dot live dot com. 50% marketshare reduction within the year, I guarantee you
Two things.
1) Who is there bullying developers to boycott it? WTF?!? That sounds a bit extreme considering the platform is getting more and more annoying to use all by itself by the day...
2) I'm surprised that Microsoft hasn't forced GitHub to use Azure AD for Authentication by now too...
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@Lucatermite @colpam @brozu @Paoletta1908 @IlCava @uz il risultato del pomeriggio è ottimo: pareggio con l'ultima in classifica!
-
today my mac prompted me to update my OS to Tahoe.
I don't like liquid glass, anything else worth having?
-
@colpam @brozu @Paoletta1908 @fucinafibonacci @IlCava @uz hahaha ... allora non concentrarti anche staseraaaaa 😀 buon pomeriggio sventuraaaaaata 😀
-
@Lucatermite @brozu @fucinafibonacci @IlCava @uz io mi sono concentrata sul pomeriggio e non è andata bene. Totalmente insoddisfatta. Bah. ⚫🔴 😩
-
@brozu @fucinafibonacci @IlCava @uz concentriamoci su staseraaaa 😀 buon pomeriggio amici ⚫🔵😀
-
@mora
Fu un grande del suo tempo, fece cose mirabili, ma sapeva dove viveva e in che epoca.
Provare a tirargli fango mi pare davvero ingeneroso.
-
