How the hell do you build a user experience for people who are 100% truly and completely ignorant about computers?
-
It's probably worth noting I have modest password requirements. Must be at least 8 characters long, alphanumeric with upper and lower case, and at least one special character.
@gardiner_bryant I'm just a random kid who managed to get a mastodon account, so feel free not to take this too seriously, but is there a way to make it so your client is able to reset the employee's password?
-
...after they log in... but that *also* doesn't work.
It seems like they *will not* remember their password no matter what I do. I'm at a loss and I'm tired of dealing with this.
Any suggestions?
@gardiner_bryant Have them set up a password manager?
-
...after they log in... but that *also* doesn't work.
It seems like they *will not* remember their password no matter what I do. I'm at a loss and I'm tired of dealing with this.
Any suggestions?
@gardiner_bryant either a password manager on the browser that remembers the login or a passwordless auth using those fancy new technolgies that websites beg me to try, passkeys they are called?
-
@ysaeldev I mean, yes. But this guy's inability to remember his password is reflecting poorly on me. He is blaming me for it not working when *nobody else* in their org has this issue.
-
@gardiner_bryant either a password manager on the browser that remembers the login or a passwordless auth using those fancy new technolgies that websites beg me to try, passkeys they are called?
@portaloffreedom I've thought about passkey auth but, unfortunately, the client won't pay me to implement this and... even if I did... there are limitations to this that would prevent it from working. Especially considering the user needs to be logged in on the office PC and on their phone.
-
@gardiner_bryant either a password manager on the browser that remembers the login or a passwordless auth using those fancy new technolgies that websites beg me to try, passkeys they are called?
@gardiner_bryant I remember browsers can also use a kerberos login, but I doubt this line of thought can bring you anywhere
-
...after they log in... but that *also* doesn't work.
It seems like they *will not* remember their password no matter what I do. I'm at a loss and I'm tired of dealing with this.
Any suggestions?
@gardiner_bryant Yes. Not working with direct user support. My life improved a lot after that some years ago
-
@gardiner_bryant I'm just a random kid who managed to get a mastodon account, so feel free not to take this too seriously, but is there a way to make it so your client is able to reset the employee's password?
@unboundcelestial oh man. They totally can. And I've showed the boss and the office manager how to do this for them. They would just rather send me an emial.
-
@gardiner_bryant Have them set up a password manager?
@richarddegenne this guy wouldn't be able to use a password manager. Either he would forget the *one password* for the manager or he would not keep it updated... or he'd only have it on his phone and get totally lost on the office PC.
-
@portaloffreedom I've thought about passkey auth but, unfortunately, the client won't pay me to implement this and... even if I did... there are limitations to this that would prevent it from working. Especially considering the user needs to be logged in on the office PC and on their phone.
@gardiner_bryant another line of thought could be to improve the password reset flow so that you are not needed for it. "Click here if you forgot your password" flow.
Finally using the browser storage for a password hint or the password itself; like a session cookie with no expiration date.
One could also use a technique like JWT tokens in apps, which continuously renew themselves without a need for a password.
-
@gardiner_bryant another line of thought could be to improve the password reset flow so that you are not needed for it. "Click here if you forgot your password" flow.
Finally using the browser storage for a password hint or the password itself; like a session cookie with no expiration date.
One could also use a technique like JWT tokens in apps, which continuously renew themselves without a need for a password.
@portaloffreedom
Thank you for your input!Self-service password resets already exist.
Sessions last over 60 days but he seems to log out all the time.
-
How the hell do you build a user experience for people who are 100% truly and completely ignorant about computers?
I have a client with an employee who *refuses to remember his username and password.* I get emails at least once a month saying "he can no longer access the portal."
"Why not?" I ask.
"Not sure," with a screenshot saying they input the wrong username/password.
So I have to log in, reset their password and send it to them. I've tried forcing them to set their own password...
@gardiner_bryant maybe something like passkey? I don't know the details of how it works but from what I understand assuming he's using the same computer the credential will just be stored there.
In terms of covering your own ass maybe just gathe data about invalid with attempts and try to pitch your customer on having some internal IT training. Also if they're that bad remember you can "fire" customers
-
@portaloffreedom I've thought about passkey auth but, unfortunately, the client won't pay me to implement this and... even if I did... there are limitations to this that would prevent it from working. Especially considering the user needs to be logged in on the office PC and on their phone.
@gardiner_bryant I don't quite see how the login on desktop and phone would pose an issue with passkeys since you can easily use (or even require) a physical one for both (or even use the phone as passkey manager for both) (would also get rid of the username requirement). The not being paid to implement them is a much bigger hurdle imo.
I've got some (though not much) experience implementing them if there are questions
-
...after they log in... but that *also* doesn't work.
It seems like they *will not* remember their password no matter what I do. I'm at a loss and I'm tired of dealing with this.
Any suggestions?
@gardiner_bryant charge them for the service. That will now put the incentive on their boss to not repeat the issue. And if they don't care, well. At least you get paid for your work.
-
@hobbs They log in through their phone *and* through a shared office PC unfortunately.
-
@gardiner_bryant I don't quite see how the login on desktop and phone would pose an issue with passkeys since you can easily use (or even require) a physical one for both (or even use the phone as passkey manager for both) (would also get rid of the username requirement). The not being paid to implement them is a much bigger hurdle imo.
I've got some (though not much) experience implementing them if there are questions
@m_star Sorry. It's a shared office PC. I forgot about the ability to use a phone as a hardware key. I'll look into it.
-
It's probably worth noting I have modest password requirements. Must be at least 8 characters long, alphanumeric with upper and lower case, and at least one special character.
@gardiner_bryant this is the point where you hire a lawyer and adjust your SLA (or set one up if you don’t have one yet) - maybe they just need an incentive to remember their password.
-
...after they log in... but that *also* doesn't work.
It seems like they *will not* remember their password no matter what I do. I'm at a loss and I'm tired of dealing with this.
Any suggestions?
@gardiner_bryant do what other sites do, email a one time login url to the users email adres.
-
@gardiner_bryant do what other sites do, email a one time login url to the users email adres.
@JeroenBaten this is an interesting idea. This might actually work for the guy.
-
@unboundcelestial oh man. They totally can. And I've showed the boss and the office manager how to do this for them. They would just rather send me an emial.
@gardiner_bryant @unboundcelestial Machiavellian, but at work sometimes we have to “make them feel the pain” in situations like these. I’d set up an autoresponder for their domain specifically saying you’re away on-site and wait to get back to them to try to force them to use their admin privileges to reset it. I’d respond but make it take longer to make the option of resetting it themselves more attractive and maybe make it annoying enough for them to correct the employee.
