2-way authentication annoyance

Recently I found that more and more websites have switched to 2-way authentication. I completely understand why and I support this movement because it is way more secure, but there are a few things I have hated about 2-way authentication for quite a long time.

The first and most important thing is a lack of focus on the website. I entered the username and password and now I’m prompted to enter the security code that the website sent as an SMS. I grab my phone, type the code and press Enter, just to find that the edit box is not focused and I have to click on it first and then switch on and unlock my phone, then go to iMessage, find that SMS and open it. It is necessary because, by that time, the message has already disappeared from the screen and the phone is off.

It is super easy to set focus and, just in case, I’m not talking about small companies here. Very often the website belongs to a huge company with millions of people logging in every day. And yet, their developers are lazy and cannot set focus to the control for the security code. Some of them do not accept the Enter key and require me to click on the button on the screen to verify the security code.

And as a result, millions of people waste a few seconds every day. But just to be fair, they are consistent in this approach and very often they do exactly the same for the username and password controls. I click on login or a similar link and it brings me to the login page, but I cannot enter my username, press Tab, and enter a password. Very often, I have to click on the username first and only then start my sequence.

Some companies decided to send a huge text and the security code is located at the end of that text. As a result, I cannot see the code in the message preview and I have to click on the message, unlock my phone, etc. Is it hard to think about how your customers will use this feature to make it easier?

Some developers decided that sending 6 – 9 digits is not secure enough and decided to send a mix of digits and letters. Good luck entering it on the phone and good luck keeping 3J9X31GH in memory while entering it.

Some websites, instead of sending me a code after I entered my username and password, bring me to a page with a selection of a single phone number and buttons like “Send code” and “Back”. Why can’t you send the code automatically? Bring up this page only if there is no phone number set.

And after I pressed “Send code”, the website will show a different page with “Send new code”, “Back” and “Verify code”. And these buttons are exactly the same except for the text. How often do I need a new code? How often do I need to go back using the “Back” button? Are they really that important to look exactly the same?

This is a good example of a feature that is technically implemented and implemented correctly, but the implementation is quite bad from a usability point of view.
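The form-side problems described above (unfocused code field, Enter key ignored, identical-looking buttons) can all be handled in plain markup. The following is an added example, not code from the original post or from any particular site; the `/verify`, `/resend` and `/login` URLs, the field name and the 6-digit numeric code are assumptions.

```html
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Verify sign-in</title>
<style>
  /* The primary action stands out; rarely used actions look secondary. */
  button.primary   { font-weight: bold; padding: .5em 1.5em; }
  button.secondary { background: none; border: 0; text-decoration: underline; }
</style>
</head>
<body>
<!-- Hypothetical endpoints. Add your framework's CSRF token to the form. -->
<form method="post" action="/verify">
  <label for="code">Code from the text message</label>
  <!-- autofocus: the caret is already in the field when the page loads.
       autocomplete="one-time-code": lets the browser or OS offer the code
       it saw in the incoming SMS.
       inputmode="numeric": numeric keypad on phones.
       pattern/maxlength: assume a 6-digit numeric code. -->
  <input id="code" name="code" type="text"
         autofocus required
         autocomplete="one-time-code"
         inputmode="numeric" pattern="[0-9]{6}" maxlength="6">

  <!-- The first submit button in the form is its default button,
       so pressing Enter in the field submits to /verify. -->
  <button type="submit" class="primary">Verify code</button>

  <!-- formaction sends this button to a different URL; formnovalidate
       lets the user request a new code while the field is still empty. -->
  <button type="submit" class="secondary"
          formaction="/resend" formnovalidate>Send new code</button>

  <a href="/login">Back</a>
</form>
</body>
</html>
```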

If you are a developer of a website, try to think how exactly customers will be using your site and try to think how to make it easier instead of blindly implementing whatever is written in the ticket and closing it as soon as possible. And your customers will be grateful.

I hope it helps someone.