Troy Hunt
Fri Jan 29 21:29:24 +0000 2021

I absolutely despise this @UserVoice auth process, let’s unpack it problem by problem:

Firstly, verifying by email on every single auth is sloooow. I can’t just auto fill username and password from my password manager like nearly every other service on the internet, I have to wait for an email to be sent.

I also have to wait for the email to arrive; what if delivery is delayed? What if it goes to junk? What if I don’t have access to that email address at the time of auth? What if the magic link is sent to a different device to what I’m auth’ing on?

When the email arrives, my mail client is going to open in the default browser. This may be completely different to the browser I used to begin the login process but because auth is now fragmented across multiple steps and clients, I can’t control that (other than copy / paste).

Then the info in the email is completely wrong beginning with my location; the “Australian Capital Territory” is more than 1,000km from here, does that mean the login is fraudulent? What am I meant to do with this information?

Plus, I did this on the iPad but apparently the login came from “Macos”. This is just a poor interpretation of the UA string and adds to the misinformation that one would assume is there to help people establish the legitimacy of the login. (Also the wrong case on “Macos”.)

I’m intimately familiar with the challenges posed by using passwords, but this whole auth flow feels like it was designed by a technical team locked up in a room who didn’t give a single consideration to the way humans interact with machines

If @UserVoice didn’t want to manage passwords they could have easily delegated auth to social providers. I’d be happy to login with Facebook / Twitter / Google, but “magic” links are just a miserable implementation.

Oh - and because I took a few mins to pump out the above thread during the login process, the “magic” has expired 🤦‍♂️

So I try again and now I’m even further away! Am I meant to say “Yes, this is me” when the location is 2 states further south? I’ve been on my local 4G connection the whole time and yes, I get the challenge with geolocating IP addresses, that’s why this approach doesn’t work!

I still hate this @UserVoice implementation with a passion. After waiting for the email to arrive, I'm now prompted to confirm I'm in a place almost 2,000km away before logging in. What am I meant to do with this, @magic_labs? Say no?

This is yet another example of why, despite all its faults, passwords remain today. Because they're low-friction and everyone knows how to use them.

Waiting for a "magic" email to arrive then clicking the link that fires up a different browser and tells me I'm in the wrong place and probably shouldn't continue thus stopping me from doing the thing that would have been done by now if I'd used my password manager to login

Oh FFS, you just can't make this shit up, it's horrible UX from top to bottom

And why am I seeing PDT? What do I do with this information about a time that looks completely wrong to me? If @magic_labs can work out the state I'm in (even if they think I'm at the wrong end of it), why aren't I seeing my time zone? What am I meant to do with this?

Wed Apr 28 22:16:47 +0000 2021