The UX Hell of Just Logging In

Thursday, October 16, 2025

Welcome to a rant!

What’s turned into my unofficial “thesis” of my blog if you will is that technology, despite the current awful state of it, is good. Or at least, it has the potential to be, if it’s built and maintained by people who not only care but who are instiutionally empowered to turn that care into excellent products.

However, despite that core optimism, I would contend (and I don’t think it’s a controversial opinion) that tech is in an utterly horrendous place right now. And that impression is crystalized daily by a number of little incidents. As Ed Zitron put it so well:

In plain terms, everybody is being fucked with constantly in tiny little ways by most apps and services, and I believe that billions of people being fucked with at once in all of these ways has profound psychological and social consequences that we’re not meaningfully discussing.

From “Never Forgive Them”

Here are two examples from merely the last 24 hours centered on “signing in”, an utterly benign task that, depending what you’re signing into, can quickly devolve into a farcical Kafka-esque nightmare.

YouSuffer

I turn on the TV last night, Apple TV, nothing fancy. The YouTube app appears as it often does, but there are no accounts listed; instead, only an “add account” and “kids” button. So my sessions expired, were lost, whatever. This isn’t a problem right? I restart the app in the odd event that the app just broke (about 40% of the time it launches as the TV turns on to a gray screen with no interacables, this is not Good Software) but alas, no accounts. Fine. I click Sign In.

I am given a screen with a QR code, and the text on a button says “Sign in with your phone” and beside it is said QR code, with a URL to a YouTube page to connect a TV, and a code to type in. I dutifully pull out my phone, I scan the QR code. It… takes me to the URL on the screen. Okay… oh, perhaps I need to click the button that says Sign In with Phone! I do. It does nothing. Pressing a different one and then pressing the phone one again reveals it’s just changing the content on the right side of the screen from QR code and instructions to different instructions for other methods to sign in.

Okaaaay. I pull out my phone, and scan the code once more. It opens the URL in Safari. Not YouTube, which I have installed and signed in. I am instructed to sign in to my Google account, here. Easy enough, my credentials load from iCloud, and I am subject to TFA: Which, hilariously, is to open the YouTube app on my devices.

I dismiss Safari, and open YouTube. YouTube asks me if I am trying to sign in in the exact same place my phone is located. I confirm that I am. I watch the TV. Nothing happens.

I swap back to the Safari window. The authentication window redirects (apparently I am now logged in) to show… a confirmation that I want This TV to have access to my YouTube account, and watch history, yadda yadda. I confirm. The TV (about 20 seconds later) completes sign in. This entire process took about 4 minutes.

And like… let’s unpack this. I’m a developer in this space, I know how to build this shit. Let us count the things that make me go “what the fuck” in no particular order:

• Why does the YouTube app have the ability to confirm sign ins, but not handle them?
• Why does the YouTube app not simply open from the QR code on the TV screen, and prompt for the TV to have access to my account?
• Why do I need to sign in to my Google account, in Safari, to then open a Google App, YouTube, to confirm my sign in to the browser, to complete an authorization for another app on another device?
• Why did the YouTube app even lose my sign-in in the first place? This is an often used device, there’s no way in the world it timed out. And it lost my wife’s too.

Insurance

Let’s move on. I needed to tweak my auto coverage. I logged into an insurance company I won’t share for obvious reasons. Or should I say: I TRIED to.

I browse to insurancecompany.com. There is a Log In link in the upper right, and I click it. It opens a drawer from the top bar within which rests a login form… which then immediately redirects the whole page to a bespoke login page. Okay. Odd. I open the password manager, I insert the credentials. I click login, and…

We’re sorry, but we were unable to process your request. Please try again later.

What does THAT mean!?

Sidebar to this, I have so many goddamn nits to pick about error handling being like a Warhammer-esque completely lost technology. I get that it’s a pain in the ass, believe me, I have written the code to do it, and testing it sucks to do, and it’s generally pretty thankless work. But I am so, utterly, at-a-loss for words SICK AND TIRED of software breaking and having nothing to show me but an “Oopsie doopies, something did a fucky wucky!” with a goddamn sad face emoji.

At least this one skipped the sad face emoji.

I do not need an overly personal apology, you loonies. I need a REASON. What happened!? Were you unable to reach the server? Is the server down? Is my password wrong? Is my account named something different? Did you change how I have to sign in and I missed the email because it’s buried with 600 other emails you’ve sent me that aren’t my bill and aren’t important and are the reason my spam filter blocks your domain now?! GUESS if you have to.

An aside rant…

Message to my fellow web developers: Please stop fucking with my password manager. I have seen so many times lately websites that simply REFUSE to attempt a login until they read keystrokes in the fields, despite the fields being full of text! This is not your job. I do not want to have to convince your fucking JavaScript that there is something in the fields when freaking field.val().length > 0 will manage that PERFECTLY.

Returning to our usual programming…

Relevant to the above, I look at my password, I delete the last letter of my email and retype it, and delete the last letter of my password and retype it. This works more often than you would think. Nothing. I realize my adblocker has killed about 110 connections at this point that this, I can’t stress enough, LOGIN PAGE apparently had on it. I disable my ad-blocker, I refresh, I re-insert credentials. Nothing but more “sowwy” error message.

I bitch at a buddy. He suggests using Incognito. I am skeptical but I need to get this shit done, so I try. And to my surprise, it works! Thankfully said friend is a veteran of garbage websites. Why does this work? I haven’t the slightest idea, but interestingly the incognito window didn’t redirect me from the home page, it simply let me insert my credentials into the form that loaded like 5 paragraphs ago before I was whisked away to an indentical and apparently non-functional one to bang my head on for 10 minutes.

Now it’s time for the MFA. A text message. Dear reader, would you be surprised that it didn’t arrive? If you are, I envy your optimism. It didn’t. Now, this kind of echoes what’s probably my chief complaint with BitWarden, which is the god awful login, session management, etc. but that is a rant for another day. And, frankly, they’re a open source project, they don’t get paid to work on their thing, and I have infinitely more patience for volunteers doing important work like that than I do for multi-billion dollar firms that can’t send TEXT MESSAGES. All of that to say: BitWarden likes to say it sent a code to you, when it didn’t, and asking for another will fix that issue 99% of the time. So I ask for another.

Still no text. I am textless. I am bereft of verification codes, even now, hours after this happened. No clue where they went!

I use email instead. Email arrives, copy code in, boom, we’re good. I make my policy change, which takes like 30 seconds, as opposed to the login which easily ate about 10 minutes.

I just. How.

I build this stuff. I know how hard it is, and the acronym “MSAL” is enough to send me into Vietnam-esque flashbacks because, Lord Omnissiah be praised, Microsoft cannot make a good framework to save their lives. But I also know it doesn’t have to be this bad. Signing in should be boring. Predictable. Invisible. If your login flow feels like a boss fight, you’ve already lost. For us password manager users, this should be an utterly brain-dead step: open page, insert credentials, click Login. Why so many websites feel the need to fuck with us is a mystery for the ages.

To the brave souls who just wanted to check their email, tweak their insurance, or watch a video without being spiritually dismantled by a login screen: I see you. May your sessions persist, your codes arrive, and your password managers never be thwarted by rogue JavaScript.

Till next.

- Madison