Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is a nice list, but it misses one of the most important features in my opinion: Allow users to paste username/password. This seems like such an obvious thing, and it's also the default behavior. But for some inexplicable reason, some product managers seem to be under the assumption that disallowing pasting of passwords enhances security. This is obviously false, and will just lead to your users choosing worse passwords.


And make it possible to have password managers auto-type the username and password. Some sites don't focus the password field after the username field and so the "username -> tab -> password -> enter" auto-typing breaks.

In one especially bad case I encountered, the tab key after the username would focus on a "clear username" button which appears after entering the first character of the username. So the auto-typing of the password manager would enter the username, tab to the button, enter a password into the void and then click the username reset button, leaving the login form empty. Who needs a button to clear the username field in the first place? That's seems so useless to me.


KeepassXC lets you specify a custom key/field sequence for each site, which makes it a little less painful.


Thanks for the info, didn't know that! I'm actually using KeePassXC.


and label the fields properly so that password managers know where to put the things. Strange how many login forms don't do this.


i agree with this. many sites these days have 2FA/OTP in the login flow and they that box is marked as password, and everytime the browser asks "do you want to update your password?" maha irritating experience.


My #1 biggest pet peeve with the web right now is that nobody labels their form fields either correctly or at all, for any kind of field. And more generally just doing tons of stupid garbage that obviously breaks browsers.

I've seen so many permutations of garbage UX:

* the 2FA flow trying to save your password * credit card inputs not having any labels, only having some labels, or having wrong labels * credit card inputs doing some javascript bullshit like manually autotyping a space to simulate the groupings of the card numerals, which inevitably breaks in many comical ways when the browser sets it. My favorite it when the grouping code conflicts with the "don't type too many numbers" validation code and results in only 3/4ths of the number being inputted. * things not labelling login forms properly so that mobile browsers pick up the hint to offer you to open your password manager * websites having a million similar domains they own and copiously link between, so that you end up trying to log in to like, citicards.com but your passwords is only saved for something.citibank.com or whatever.

I know it's a cliche but I'm commonly wondering: have any of these people even tried using their own website even once???? I know that if I owned a company and the way that people give me money was so comically broken, I would be sending Bezos-style ? emails to the teams responsible.


This is also hostile to accessibility.


This should be more like "don't prevent users from pasting into password fields" because, sadly, this is genius management doing


One thing that I have seen as a trend on some websites that I hate is when they first show you the Email field, and you have to press next, and then they ask you for the password.

That is done by evernote IIRC. Why? Just show me both fields.


Shout out to the "Don't Fuck With Paste" browser extension, which allows disabling this user-hostile behavior in a site-by-site basis.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: