View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023691 | mantisbt | authentication | public | 2017-12-02 10:45 | 2020-08-11 17:21 |
Reporter | hanno | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
Product Version | 2.8.0 | ||||
Summary | 0023691: New login UI is needlessly more complex and prevents use of password managers | ||||
Description | Since a few versions Mantis has a new login form that has two disadvantages compared to the old one.
I haven't found any announcement or justification of the new login, but it feels to me it has only disadvantages. I'd propose to revert the changes, but if they're intentional I'd ask for an explanation. | ||||
Tags | No tags attached. | ||||
User login is detached from the authentication method. If the user needs a password authentication, then the password page is shown, otherwise the login authentication could be performed by another method that does not require a password form.
Preventing it was not an intentional change
Seems like the browsers have some methods to "guess" which inputs are part of a user/password login. I think that the problem is that they don't match the username form input because it's type is |
|
For the password manager KeePass, the following auto-type sequence works for me: {USERNAME}{ENTER}{DELAY 500}{TAB}{PASSWORD}{ENTER} However, this is not a very good solution because it assumes that the password form is displayed within 500 ms after pressing enter on the user name form. This might fail if the server experiences heavy loads or the internet connection is too slow. While I understand the conceptual benefits with respect to a more flexible authentication system, I would also prefer to have an option to return to the old single-page login form. |
|
+1 for me for going back to the old single-page login form. |
|
Mentioned by @dregad 0026296:0063024
|
|
I'm also looking forward to have the "old" and widely used "best practice" to have the username and password in one form. |
|
Single-page login? Yes, please! The new two-page approach is a pain for people who use password managers. |
|
What I am missing here is the fact that it has not been made optional. |
|
I use this sequence in KeePass for some sites:
This sequence takes much more time but it is much more detailed and never fails.
|
|