I am a proponent of 2 step verification, and most other means of securing personal information online. I use Google Authenticator when possible. The Google side of my logins works flawlessly. It’s the sites themselves that need to change.
Here are two examples. The first is that of a properly developed site. Stripe. When I login to Stripe, I am directed to a new screen requesting my 2-step (authenticator) code. I can immediately type in my code without having to click on an input box.
Now, consider DropBox. I login, then type in my expiring authenticator code, only to realize that I should have clicked on the input box before typing. I must try again. Oops, my code has expired.
Why isn’t the default mode an active input box ready to receive user codes? There is nothing else to do on these pages; their sole function is to verify 2 step codes.
Which begs the question, “Do programmers ever use the sites they develop?
Of course, I could “trust” my device on these sites, disabling the 2-step verification . . . but what’s the point? If I am to override this added security measure every time I use a site, why bother in the first place?
Seems like a small problem, right? Well, if this is one of many such user-interface problems on a website, customers will be lost.
That’s my gripe for today. If you have a gripe that you would like to share with me, just click on the Comments tab below.
It’s inactive.
Peter has spent the past twenty-plus years as an acting/consulting CFO for a number of small businesses in a wide range of industries. Peter’s prior experience is that of a serial entrepreneur, managing various start-up and turnaround projects. He is a co-founder of Keurig.