OddThinking

A blog for odd things and odd thoughts.

Let’s Fail-To-Log-In Again, Like We Did Last Summer

Here’s another phenomena looking for a word to describe it. I know it as the “automatic-login-only-works-the-second-time dance”, but I am sure there must be a better name.

Here are the steps to the dance:

  1. Visit a web-site home-page, and type in your account id and password wrongly.

  2. Accept the browser’s offer to memorise the password for you..

  3. Get redirected by the web-site to “try again” login page, at a different URL.

  4. Enter your name and password again – but this time get it right.

  5. Accept the browser’s offer to memorise the password for you.

Let time pass.

  1. Decide to revisit the web-site. Go to the home page.

  2. Accept your browser’s offer to fill in the details. The wrong details will be filled in because they were the ones associated with the original home page URL.

  3. Get redirected to the “try again” login page.

  4. Either:

  • curse at the browser, and type in your password correctly, and wonder why it never learns, or

  • curse at the browser, and accept the browser’s offer to fill in the details. The right details will be filled in because they were associated with the “try again” page URL.

I’ve seen this happen to other people, so I know it isn’t just me!


Comments

  1. Opera is now free, and has an excellent solution to this problem. Opera calls it the “Magic Wand” or some such, basically the same as Password Manager or whatever. Forms with saved answers are shown with gold highlighting, which is very nice. When there are multiple saved passwords, and you use the Wand (Ctrl-Enter = magic!), it shows you all possible usernames (not passwords) and lets you choose which to use. They are listed in order of addition, and you can delete them from the same window. When this happens to me, I first check which (if any) of the saved passwords works, and then delete all the others so that the Wand is instantaneous again.

  2. I have seen that problem before, but I just tried to recreate it with Safari and failed.

    I tried logging into a website with an incorrect password, and Safari remembered the incorrect password. I think this is actually reasonable because there are rarely any clues to the browser as to whether the login was successful or not.

    But when I finally entered the correct password, Safari overwrote the incorrect password with the correct one in it’s database (after prompting a second time). I verified this by looking in the password database and verifying only one entry for that website. I also logged out and logged back in again using Safari’s password and it worked OK.

    From the above description of Opera, it seems that Safari works a similar way with multiple usernames for a given website.

    The trick is to make sure that you either log in successfully to a given website, or remember to remove the website from the password database. I agree this is far from an ideal situation, but I believe my browser is doing the best it can under the circumstances. What we really need is a change to the underlying technology, such as the use of HTTP digest authentication perhaps? The key here is to enable the browser to know when authentication failed.

    For what it’s worth I don’t use the browser’s password database that much these days. The main reason is that I have lots of browsers on lots of machines, and AFAIK you can’t copy and merge their password databases. I am slowly migrating from a fairly weak set of password generation ‘rules’, backed up by a separate (i.e. non-browser) password database, to the PasswordComposer tool. Results are inconclusive so far, because I have difficulty remembering which accounts I have migrated and which ones I haven’t…

  3. Casey,

    You are assuming two things about the user:

    1. That they are aware that they are performing the dance. I recently listened to someone complain about the buggyness of an Intranet web-site, unaware that he was actually just stepping through the moves.

    2. That they could be bothered to perform this step. “Well, I am in a hurry, and I am logged in now. I will clean it up next time I come to this site.”

    Alastair,

    It sounds like Safari is acting very much like Firefox does. See the next post – coming very soon.

Leave a comment

You must be logged in to post a comment.

Web Mentions

  1. OddThinking » Browser Comparison: Password Management