this post was submitted on 20 Feb 2024
986 points (95.6% liked)

Programmer Humor

32557 readers
456 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 

And no, I will not tell you what my company app is.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 9 months ago (3 children)

I hate when websites don't have the username and password together. When you have to put in the username click ok then have some JavaScript hide the username prompt and prompt you for your password. Makes it more painful when trying to use a password manager. Especially one that isn't built into the web browser by default.

[–] [email protected] 6 points 9 months ago (1 children)

I agree that is an awful way to do things, but Bitwarden doesn't seem to have a problem entering the username on one page and the password on another.

[–] [email protected] 4 points 9 months ago

Yeah, Bitwardem is what I use. Just my little complaint about them doubling the steps to log in.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

It’s called home realm discovery. It’s common in business apps though it’s usually used with email & password logins not username & password logins.

It’s done that way to support federated logins. Larger companies will often used a single sign on solution like Okta or Azure AD. Once the user’s email address is entered it checks the domain against a list of sign on providers for each domain and redirects the user to their company’s federated login if it finds it there instead of prompting for a password.

This has several benefits:

  1. The user doesn’t have mutiple passwords to remember for different apps. Which is know to result in users either reusing passwords or writing down passwords somewhere.

  2. When an employee quits or is terminated the company only needs to disable their account in their company directory and not go into potential dozens of separate web apps to disable accounts.

  3. The software vendor never receives the password, if the vendor’s system is compromised they don’t even have password hashes to leak. (Let alone plain text or reversibly encrypted passwords)

Websites that work that way are (usually) doing it right. If that doesn't work with your password manager, you should (probably) blame the password manager not the website.

[–] [email protected] 3 points 9 months ago (1 children)

I doubt the password manager is blame that there is now two steps to logging in compared to the previous one. The password manager still works, just requires using it twice. An annoyance because it used to be a little bit easier.

Thanks for all the info on home realm discovery. I love to learn new things!

[–] [email protected] 3 points 9 months ago (1 children)

If a website using home realm discovery adds anything more than one extra press of the enter key or mouse click of an ‘ok’ button, get a better password manager.

If you’re annoyed by that one extra click that’s fair. Click counts matter.

[–] [email protected] 1 points 9 months ago

Purely minor rage about an extra click but thanks 🤪😄

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

KeePass autotype is amazing for these situations. Very customizable.