Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | ... | 29
freitasm
BDFL - Memuneh
79279 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3299318 21-Oct-2024 10:15
Send private message quote this post

freitasm:

 

The New World Clubcard website doesn't allow paste into the password field and doesn't allow auto-fill from password managers.

 

 

A couple of friends didn't quite believe me on this. I took a screen recording showing the behaviour and they saw it. Im using Bitwarden, so one of them tried with Google Password Manager, which worked.

 

I then opened a Widows Sandbox instance, meaning clean browser with defaults. Added the Bitwarden extension only to make sure it's not anything else.

 

Still the same behaviour. 

 

So instead of the website itself, it could be the extension.

 

So I decided to test it.

 

I ran Windows Sandbox and using the browser with no extensions added... Copy and paste didn't work.

 

Remember, it's a long and random password, I can't just type it.

 

Next I install the Bitwarden extension. There's nothing else on that browser. 

 

It fills the field as expected. The password clears when I click the LOGIN button. I still get a "Wrong password" message. 

 

I suspect something is going on with the page, so I refresh the page, enter the email address, click CONTINUE and instead of the password I type just one character, any character. 

 

I then press backspace and use Bitwarden to fill the password.

 

I click LOGIN.

 

And it works.

 

I suspect the developers put some logic there to allow only passwords that are typed in. Paste a password there is not a character typed in. Neither is the Bitwarden auto-fill. But when I type a character it's now ready to accept the field as "manual entry", even if I delete that character.

 

Now it's ready to accept the input from the password manager.

 

Basically, whoever developed that webpage is not really helping people use secure passwords and not making the whole site more secure either.

 

What a weird thing to waste time implementing.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




freitasm
BDFL - Memuneh
79279 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3299319 21-Oct-2024 10:16
Send private message quote this post

^

 

Whoever developed this wasted time implementing something that doesn't make the site safer and makes it harder for users.

 

A true champion.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


richms
28176 posts

Uber Geek

Trusted
Lifetime subscriber

  #3299325 21-Oct-2024 10:26
Send private message quote this post

k1w1k1d:

 

Software that can't accept names with double capitals or apostrophes, eg O'Brian (Obrian), McDonald (Mcdonald), etc.

 

Logins that will only use an email address as your username. A couple has to create a second email address so that both can log in to their accounts.

 

 

nahh, this is a good thing as users are idiots and have more chance of remembering their email address than a username.

 

Couple shouldn't have only one email address. This isn't the 1990s.





Richard rich.ms



sir1963
3260 posts

Uber Geek

Subscriber

  #3299326 21-Oct-2024 10:40
Send private message quote this post

richms:

 

k1w1k1d:

 

Software that can't accept names with double capitals or apostrophes, eg O'Brian (Obrian), McDonald (Mcdonald), etc.

 

Logins that will only use an email address as your username. A couple has to create a second email address so that both can log in to their accounts.

 

 

nahh, this is a good thing as users are idiots and have more chance of remembering their email address than a username.

 

Couple shouldn't have only one email address. This isn't the 1990s.

 

 

 

 

So at work we are required to use MS products, including exchange. This is hosted by MS.

 

When you sign in it wants your "email address", but what it actually needs is your username@yourdomain and it will fail if you try your email address.


Behodar
10506 posts

Uber Geek

Trusted
Lifetime subscriber

  #3299328 21-Oct-2024 10:44
Send private message quote this post

sir1963:

 

So at work we are required to use MS products, including exchange. This is hosted by MS.

 

When you sign in it wants your "email address", but what it actually needs is your username@yourdomain and it will fail if you try your email address.

 

 

Conversely at my work it wants the email address, and not the username@domain (which is also a valid email address, but is rejected).


freitasm
BDFL - Memuneh
79279 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3299331 21-Oct-2024 10:52
Send private message quote this post

Behodar:

 

sir1963:

 

So at work we are required to use MS products, including exchange. This is hosted by MS.

 

When you sign in it wants your "email address", but what it actually needs is your username@yourdomain and it will fail if you try your email address.

 

 

Conversely at my work it wants the email address, and not the username@domain (which is also a valid email address, but is rejected).

 

 

Blame your IT for the configuration. 

 

It's their option to which one to use, not Microsoft's.

 

It could be an intentional "security by obscurity" layer. The default Tenant domain is usually different from the email address, so you know that if anyone shows a page with your email address and pretending to be Office 365, it's a fake...

 

 





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


mkissin
389 posts

Ultimate Geek

ID Verified

  #3299332 21-Oct-2024 10:55
Send private message quote this post

freitasm:

 

I suspect the developers put some logic there to allow only passwords that are typed in. Paste a password there is not a character typed in. Neither is the Bitwarden auto-fill. But when I type a character it's now ready to accept the field as "manual entry", even if I delete that character.

 

Now it's ready to accept the input from the password manager.

 

 

Ah yes, at work we use Vistra Overseas Connect for a bunch of financial stuff and it behaves the same way.

 

It took me forever to figure out how to fool it into accepting a password from Bitwarden, because I have to use the "enter a character then delete it" trick for both the email and password fields. Much rage ensued.

 

Good times.


 
 
 
 

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).
ANglEAUT
2322 posts

Uber Geek

Trusted
Lifetime subscriber

  #3299475 21-Oct-2024 14:29
Send private message quote this post

freitasm: The New World Clubcard website doesn't allow paste into the password field and doesn't allow auto-fill from password managers.

 

mkissin: Ah yes, at work we use Vistra Overseas Connect for a bunch of financial stuff and it behaves the same way. ...

 

& Have you ever tried to reach out to the company to complain about their website? What a waste of time. If you're lucky, your complaint will get to the web development team after your 3rd reply. Submitting feedback about the website itself, not products or service, is imo a futile attempt.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


ANglEAUT
2322 posts

Uber Geek

Trusted
Lifetime subscriber

  #3299478 21-Oct-2024 14:34
Send private message quote this post

freitasm:

 

Behodar:
sir1963: ... When you sign in it wants your "email address", but what it actually needs is your username@yourdomain and it will fail if you try your email address. 

 

Conversely at my work it wants the email address, and not the username@domain (which is also a valid email address, but is rejected).

 

Blame your IT for the configuration. It's their option to which one to use, not Microsoft's. ...

 

I blame Microsoft. Besides their crappy naming conventions as documented further up in this thread, Microsoft are the ones that chose to implement a UPN scheme that looks exactly like an email address. They are also the ones that that ask for an email address in the username field, but they don't mention a UPN. It is Microsoft that gave companies the choice to use either an email address or a UPN.

 





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


mkissin
389 posts

Ultimate Geek

ID Verified

  #3299479 21-Oct-2024 14:35
Send private message quote this post

It's been a while since I logged on, so I just tested this with Vistra and it does this to both Bitwarden and to the built-in Edge password manager.


olivernz
497 posts

Ultimate Geek

ID Verified
Trusted
Lifetime subscriber

  #3299480 21-Oct-2024 14:36
Send private message quote this post

MS Word and Excel are the surge of working life. They prevent businesses from actually developing the solutions they need. IMHO they should be banned from IT. And we don't want to start a Powerpoint rant. ;-)


  #3299485 21-Oct-2024 14:41
Send private message quote this post

ANglEAUT:

 

I blame Microsoft. Besides their crappy naming conventions as documented further up in this thread, Microsoft are the ones that chose to implement a UPN scheme that looks exactly like an email address. They are also the ones that that ask for an email address in the username field, but they don't mention a UPN. It is Microsoft that gave companies the choice to use either an email address or a UPN.

 

 

 

I've worked for a number of organizations that use Microsoft's SSO and they've all worked as expected with my firstname.lastname@employer.co.nz etc addresses. I agree with the possibility it's more an IT dept issue -- they may have made the decision to use a different domain for their SSO domain than they use for their email domain. Their call, not Microsoft's.


  #3299486 21-Oct-2024 14:42
Send private message quote this post

olivernz:

 

MS Word and Excel are the surge of working life. They prevent businesses from actually developing the solutions they need. IMHO they should be banned from IT. And we don't want to start a Powerpoint rant. ;-)

 

 

I keep getting IT executives telling me that we need to stop using Excel. I keep saying that I will, if you give me a better tool. 28 years and I'm still waiting for a better tool. 


  #3299487 21-Oct-2024 14:42
Send private message quote this post

olivernz:

 

MS Word and Excel are the surge of working life. They prevent businesses from actually developing the solutions they need. IMHO they should be banned from IT. And we don't want to start a Powerpoint rant. ;-)

 

 

Unpopular opinion perhaps, but both Word and Excel are fine when you learn how to use them properly. YMMV especially if you don't bother to learn.


neb

neb
11294 posts

Uber Geek

Trusted
Lifetime subscriber

  #3299490 21-Oct-2024 14:51
Send private message quote this post

KiwiSurfer: Unpopular opinion perhaps, but both Word and Excel are fine when you learn how to use them properly.

 

They're fine for basic tasks.  Ever tried doing anything a bit more sophisticated in either?  There's a reason why publishers use absolutely anything but Word for book manuscripts, for example.


1 | ... | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | ... | 29
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.