We sent an email to youremail@your.com

🤦🏻

I loathe Medium, not least of which for popularizing the “magic link” pattern in 2014.

Their rationale—passwords provide a worse user experience than email, as most people click “forgot password” anyway, so why not skip the middleman?

No, it’s not a worse experience.

I have a password manager, and I press Cmd-Shift-L, and Bitwarden happily fills it in. I can even use auto-fill if a website plays nice. But, not with websites that ONLY have Massive-Pain-In-The-Ass Links™️. I don’t want to open my phone or email client to copy a code. Especially if I can’t paste the code because a destroyer of webs never took HTML Forms 101.

Thanks to Medium and hundreds of other foolish lemming companies that followed their advice, my inboxes are spammed with sign-in codes.

Thanks, Medium.

OAuth & SAML 🤬

Claude estimated ~30 million developer hours spent on OAuth confusion alone. Security Assertion Markup Language (SAML) is even more confusing and probably burned more developer hours.

Every day, I have to fumble through different OAuth experiences as a user. Add an email address and wait for a Slow AF Redirect™

Next, enter the username and password, then wait again.

How many millions more hours are burned on these technologies per day?

Your Password Doesn’t Meet The Requirements

Passwords are better than Massive-Pain-In-The-Ass Links™️, but companies LOVE password requirements as a torture device.

  • At least 1 more or fewer characters than you entered
  • One more capital letter
  • Lucky you, more than one F or U makes your password disappear from your mobile device
  • …and my favorite, no @!#?@!

Held CAPTCHA

Massive-Pain-In-The-Ass Links™️ are an annoyance runner-up to CAPTCHA. I’m not a fan of violence, but whomever thought this was a good idea needs a beating.

Prove you’re a human by entering the following text:

Ë͖́̉ ͠P̯͍̭O̚​N̐Y̡ H̸̡̪̯ͨ͊̽̅̾̎Ȩ̬̩̾͛ͪ̈́̀́͘ ̶̧̨̱̹̭̯ͧ̾ͬC̷̙̲̝͖ͭ̏ͥͮ͟Oͮ͏̮̪̝͍M̲̖͊̒ͪͩͬ̚̚͜Ȇ̴̟̟͙̞ͩ͌͝

And who doesn’t love preparing for the impending robot uprising while proving you’re not a robot?

Credit (xkcd): Machine Learning Captcha

Solutions

The new darling of the software development community is the Passkey or (FIDO2/WebAuthn). I highly recommend trying this out if you haven’t already. Biometrics is another passwordless option, though it’s less convenient if you’re using a keyboard without a fingerprint reader. If you’re on someone else’s machine, it’s also inconvenient, so be ready with a YubiKey or your phone’s camera.

There’s no perfect solution, but hopefully we’ll see less and less of these monstrosities in the future.

Want to see other deadly cuts?