What on earth? Why is it so impossible to register for this forum?


(Miles Thompson) #1

I registered here because I’m working on some DeepSpeech things and wanted to share… but before I do that sorry I but I believe it is useful for me to just mention how frankly awful the experience of getting registered at discourse.mozilla was for me.

What the what ?? I believe someone needs to address this and if you don’t hear from folks like me - when they first register - then I guess nobody will say anything because the only people here will be the people for whom registration is a dim memory.

It starts innocently enough…

OK cool. I’ll use my github profile since it’s already logged in.

Oh I see, that’s a no-go. OK sure I guess that’s fair enough a little annoying just for a online discussion forum but I’ll do something else… So I click back.

Argh. Now I’m stuck.

Because it always tries to auto-login and takes me here. I tried clearing cookies, clearing session state, clearing local storage. No go. Just always loops back to here.

At this point it’s genuinely annoying but I’ll persevere. New incognito window. Try the google option.

Nope no google. Why even show me google if you won’t let me use it!??!??!

OK fine. Well, then, how about just using email?

Nope. After a brief stop off at the generic 500 page…

I see this error.

Again. Why on earth even have the email option if I am not allowed to use it? And how do you know I have a github account anyway (from an incognito window).

Let me just remind you THIS IS AN INTERNET FORUM

I don’t know what else ya’ll use discourse.mozilla.org or mozilla.autho0 or whatever for but in this case THIS IS AN INTERNET FORUM it does not need to be more secure than my bank.

What in the name of what? Has someone seriously been on the internet security happy sauce? Arghh!!

And if, you are wondering, the only way I was able to get on here to post this was to add 2fa to github (since it had somehow locked in to use github as the only way to login).

Thanks!


(Leo McArdle) #2

Hey Miles,

Thanks for persevering here, and sharing your awful experience - it really helps when it comes to prioritising what we work on next, so other users don’t also end up going through the same thing.

I’ve moved your post to the IAM category (where we discuss issues around the Identity and Access Management project, which these are), and added the images back into your post.

To provide some explanation as to why discourse.mozilla.org feels more secure than your bank, there’s more discussions going on here than just the public ones, some are confidential, and for those we need our authentication system to be very secure. Unfortunately that does mean that for everybody else usability has suffered, at least for the time being, but it’s something we’re working on.

After discussing this with the team, this is an issue which can be fixed on the discourse side:

We’re also going to be fixing this on a more general level by allowing users to choose whether or not to use autologin. We expect to deploy this to production in the evening hours (PST) today. You would then be able to go to sso.mozilla.com to disable autologin.

Unfortunately at this point in the authentication process we don’t know who you are, so we’re unable to determine if you can or cannot use a particular authentication method.

Presumably you used the same email address, and that’s how we knew.

As for the issue where once you try to use GitHub you then can’t use anything else, even if you haven’t enabled MFA on GitHub, that’s a little more difficult to fix. We’ve discussed it as a team this morning, and hope to have some updates to share soon.

We also had a session about improving the sign up experience last week and I guess we will be able to deliver significant improvements in the next two months.

Hope this helps soothe your frustration!

Cheers,
Leo


Unable to log in after a failed LDAP attempt
(Miles Thompson) #3

OK. Wow. Fully impressed by this response. All the best with trying to improve this and hope that my frustrations as expressed above were helpful in trying to design something that doesn’t frustrate others in a similar situation - folks who may never even register as a result I guess.


(Lissyx) #4

I’d like to second Leo and thank you, because I know you are not the first one getting blocked somehow on that, but nobody cared enough to give us more actionnable feedback that we could forward to the team in charge of authentication and discourse. You did, and that’s very useful :slight_smile:


Unable to log in after a failed LDAP attempt
(Albert Scheiner) #5

Thanks Miles and Leo for taking the time! Back when I went through this (and shame on me not reporting it) I was wondering why Firefox Account wasn’t an option.


(Michael) #6

I wanted to express an appreciation to utunga for going to the trouble to save those screen grabs and fully explain what sort of trouble was had in this case. Folks that do such like that are a benefit to a community, no matter brick-and-mortar, or a Net community.

I also was quite interested to see if I would have any trouble being able to enter into this community of the larger arena of this foundation and I am happy to report that all I had to do was enter my email address, which is a Google address, and then have a special link sent to that account that had to be used in a tad bit of a short time.

But what was odd was that the first notice that a message had been successfully sent to my email account indicated I had 15 minutes in which to use the link.

Copy of that:

your login link will expire in 15 minutes.

But when I got to the email message itself, just 2 minutes later, that message indicated I had 5 minutes.

I’m a tad confused about that. 15 minutes to open the email message itself; then 5 minutes after I open the email message to use the link?


(Gene Wood) #7

Michael, thanks for catching that mismatch on the two times. I’ve opened this issue on it and find out which one is right and fix the other one.

https://github.com/mozilla-iam/mozilla-iam/issues/51

-Gene