dj snape

Two-Step Login Forms are Fucking Stupid.

In recent years a very tiny number of popular websites have started changing their login forms to require two separate form submissions, first the username, and second the password.

example of a two-step login form

This is a stupid idea. We are at a place in time where Password Managers are finally starting to catch on for regular use by regular people, which is fantastic. One of the coolest features of password managers is the ability to auto-type your username and password into login forms. Which the 2-step form completely breaks.

Let me tell you what’s going to happen. The future is Ease Of Use. The future of authentication is using a password manager that’s unlocked via a physical token such as a yubikey, biometric data, or some sort of “Master Passphrase”, and handles 100% of all authentication needs. Everyone who knows anything about authentication knows this is true. The point of computers is to automate tasks in order to simplify and improve our lives.

Automation of authentication requires login forms that are not confusing to password managers. The simplest way to deliver this is a standard 1-step login form with a Username – Tab – Password format.

The fact that certain developers decided to change tracks right at the moment in time when Password Managers are starting to pick up speed is evidence that those developers don’t have a fucking clue in their heads. So I am presenting you with a fucking clue. 2-Step Login Forms are Fucking Stupid.

No more Discus

I’ve been forced to remove Discus comments from tailpuff.net. They have taken the same approach to the GDPR that Facebook has taken, and while I think the GDPR sucks, I think this kind of corporate sleaze sucks worse. I won’t support people who treat the public as if we’re too stupid to see their crimes for what they are.

So from now on, or until I find a superior alternative, comments on tailpuff.net will require you to register for an account. I thought about offering guest commenting but unfortunately the maturity level of the human public has not reached a point where that can work.

Alternatives?

If you know of a similar service that respects it’s users privacy, please let me know. I do like the Single-Sign-On aspect of Discus but no feature is worth sacrificing privacy or the privacy of my visitors.