Emailed Auth Codes

There’s this growing trend where every account will automatically email you a code you need to enter before logging in. I hate this trend. I get as a SaaS operator why we are trending this way, but the way auth is trending in the world is unsustainable.

Soon I will be spending a not-insignificant amount of time just logging into things.

I was particularly peeved the other day when I was setting up an account to have my fingerprints taken for a background check I need to do. They had extremely bespoke password rules. They wanted a second factor. All to just simply schedule a time for me to go into a place and physically hand over my ID. They don’t need such security. It should just be a “one way” system where I enter my information and I have no way to retrieve it back, and then there would be no need for such security measures.

It’s particularly annoying because I only need to do fingerprints every five years, and the odds that this platform will be the same platform they ask me to use again in five years are almost exactly zero.

So I spent about 20 minutes setting up an account that I will, in all likelihood, only ever use once in my life. And that was 20 minutes as a very technical user; I can’t imagine someone’s grandma trying to use this system. All for something that, if they had thought about it for more than five minutes, they could have designed to only accept any needed data (name, address, driver’s license ID, etc.) and to never show data — and then they would never need such stringent security measures in the first place.

And as AI takes over the world and software quality declines so much more, these user-hostile security measures will just grow and grow and grow.

/rant over