I think people on Twitter with a public profile, of all people, know and understand how public their tweets are. It doesn't change the fact that these kinds of advertisements are annoying though and that they're within their rights to complain about it.
Is it fair game? Maybe. Does that mean I should just accept it? Hell no.
>Password managers can't deal with this, unsurprisingly.
I use a password manager too and often wonder about this. Does this responsibility fall on the website's designer/developer or the password manager?
In one hand, I'd like my password manager to work on every site too but on the other, being a web developer/designer, I don't want another thing to support. We already have browsers and browser versions, and browsers and browser versions in specific platforms to keep track of. Do I want another layer of something to keep track of?
(This is totally unrelated but another thing I apply this question to is a page's/websites ability to support reading mode. You have straightforward pages that you can read wholly in something like Firefox's Reader View or Instapeper/Pocket. Then there are those pages that rely too much on some javascript library (sliders, read more, etc.) to display properly that gets broken when seen through reading mode.)
As a web designer, your goal wrt security should be to make your site only work with password managers, and never work with manually entered passwords.
Password managers aren't "Another thing to support" but "The only secure way to do passwords"
If your user can remember their password, they also likely: reused it elsewhere, have some pattern to it or minor changes that could be figured out from a email search in any password database, made it simple enough to be not secure.
I agree with this — I’ve “helped” a few friends transition their lives to password managers (basically just sat with them and kept suggesting sites they probably use that they might want to go change their password for — after they’ve done 5 or 6, they understand how to do it and are very likely to keep using it going forward).
I think this has to be highest benefit easy-ish thing you can do for someone to aid their computing lives in 2019 ...
Everything sites can do to help users undergo this transition would help them in the long run ...
The big password manager implementations need to do better as well — I don’t understand why iCloud Keychain doesn’t support generating random passwords that conform to the (horrific) password complexity checks you see out there in the world sometimes ... those sites are wrong to have such a broken feature but there are enough such broken sites out there that a clean workaround is needed on the password manager side ...
It would also be nice to have a solution for security questions built in — my solution is an OpenSSL command line for the random password generation and shared notes in which I record security questions and answers for sites. It’s better than actually providing real answers to security questions at least ... support for this functionality should really just be built into my password manager — the alternative likely thing is that a user will use actual answers to security questions for password reset all across the internet and this is not a thing the password managers should support their customers doing ...
I agree with you somewhat. I think my role as a developer/designer is to make sure that my forms work with pw managers. But I think encouraging users to use a manager should rest upon password managers. I can nudge them to use a secure password but the decision to write something like "please use a password manager" isn't usually my decision.
Also, let's admit it, unless you do something really crappy like remove copy-paste, forms don't exactly "not work" with managers. Most of the time, you don't have to do anything special and it would work. Some just take a bit more time because you have to cop-paste it and not autofill. But people who are already using pw managers don't just stop using it (or start memorizing their passwords) because one site can't be autofilled. They just copy paste it, at worst, they manually input it while looking at the password from their pw manager of choice.
My line about "supporting" it is a bit off. I used the wrong words. It goes to say that you should support it. Again, you have to do something really out of your way to completely block off password managers from your forms so really, I think the norm is that they support it. My thought goes more along the line of whether I should be the one to adjust when the form works on some pw manager but not on another or when the pw manager can handle other sites properly and not mine. "Working" and "handling" here means it can be autofilled (most of the time).
> (This is totally unrelated but another thing I apply this question to is a page's/websites ability to support reading mode. You have straightforward pages that you can read wholly in something like Firefox's Reader View or Instapeper/Pocket. Then there are those pages that rely too much on some javascript library (sliders, read more, etc.) to display properly that gets broken when seen through reading mode.)
Sites that want to display readable pages don't have to work on compatibility with Reader View; they can just provide readable pages. I use Reader View mostly to work around sites' intentionally user-unfriendly design patterns (articles unnecessarily split across multiple pages), and only occasionally to work around presumably unintentionally bad design (Kill Sticky does most of that work for me). To the extent that that's true, sites are likely to be interested in being less, not more, compatible with Reader View.
As a developer you should support a proper form that works with password managers. Period. Anything else is a failure on the developer's part to create a working login. It's also a massive security hole you've introduced by encouraging people not to use password managers. They will try to remember the password and we all know where that leads to. Sorry, if you think you can develop a login form that doesn't support password managers and call that a decent effort, you're badly mistaken. That's just shit engineering.
Why don't you respond to one of the comments that point out sensible reasons why a website might do this instead of using this as an opportunity to suggest that people are just incompetent?
Go check Notion.so. I've been on the same boat as you for a long time, tried all the open source atlernative I could find as well as the paid ones but kept coming back to plain-texting.
I read about notion a few days ago and it's been smooth so far. It's everything I've been thinking of for when "I'm gonna make my own note-taking app I swear". I'm looking at moving maybe a third of my notes to it and use it for a few weeks before I consider moving fully and paying, I guess. The desktop client is an electron app so that might be a turn off for some. But! There's a web clipper on their road map too so that's one point for them that always makes me look back at evernote.
I wanted to love Evernote, even swore by it for a time, but after a few months of extensive use, it becomes apparent that they don't care about customers outside of their business plans. Feature requests as old as 5 years get ignored while they keep pushing out features that would make Evernote more like a powerpoint alternative than a note-taking app.
Personally I want to think this is happening because better alternatives have been popping up. There's bear and omnifocus and, recently, notion.so that does a lot more than Evernote for a relatively cheaper price.
Also all of them have dark modes while Evernote doesn't.
Evernote, like so many apps before it, has fallen head-first into the go-big-or-go-home trap.
These companies start a desperate, doomed-to-fail chase of a gigantic market, at the expense of their small-but-profitable niche. It's understandable from their board members' perspective, because a nice 5% ROI is not what they're after. They need that moonshot, even if chasing it likely results in losing everything.
See also: Every company that decides that their platform now needs a social media element.
Between Apple Notes, Bear, and OmniFocus I have no reason to use Evernote. They all do what they focus on well, cost less over time, and are proper native apps to boot.
For OmniFocus in particular I also have the assurance that its maker isn’t just going to up and vanish any time soon. They’ve been around since the NeXTSTEP days and are quite healthy.
I'm looking at the Omni products and they seem all great. But I might be transitioning from iPhone to Android in the next 24 months and am afraid of losing a lot of investment.
I'm not doing anything more than a personal blog but I've shopped for platforms before and considered all the things one could think of when you're choosing one.
Ultimately though, I chose to run one on my own for the mere satisfaction of "owning" it. Maybe it's, uhhh, like how buying a house is thought to be a step up compared to renting an apartment? Something like that. There's also that feeling where I feel like I'm only half there if it's under a platform like Medium or Tumblr.
I admit the benefit of being on a network like those are bound to be helpful: if you're looking for them. Eitherway, I thought I could just cross-post things anyway if I ever wanted to.
Is it fair game? Maybe. Does that mean I should just accept it? Hell no.