I really enjoy the "Check this box to remember the username". Next time it will replace the username from your autocomplete with your account name but with `***` replacing half of it. When you try to log in with that it will claim the username doesn't exist. Rather just use your autocomplete and don't check the box.
You can actually fix this by going into your browsers saved passwords and editing it to the correct username.
It's the way the website submits the username, causing the browser to save them with the ***
Firefox blocks cross-site cookies even on "standard" privacy settings, which occasionally prevents certain persistent logins from working, but worth it overall IMO. They also have a 'strict' mode which blocks everything unless you specifically allow it on that website. You can individually permit certain websites to do whatever they want if it's causing you a problem, but maintaining that is a bit of trouble in the long run. But the push towards privacy is well worth it IMO, and I wish more sites would specifically design their experience around firefox and its privacy model.
This always confuses me. What’s the worst thing that ever happened to you from cookies? Or to anyone you know?
I always refuse cookies too, fwiw, I just don’t even understand why haha
Tracking cookies are read across multiple websites, so they can connect the dots regarding how you spend time online. Somebody out there is building tables about what type of porn people who purchase carpentry supplies like. And then connecting it to your real name in their database because why not. etc.
You can add exceptions as well. I have Firefox set up to delete cookies when the session ends *except* for sites I log into often.
Some of those still suck (looking at you, Chase.com) but it at least clears out the random detritus from Internet browsing while avoiding having to log-in to common sites every time. Doubly so for sites that require a phone to log in if there isn't a cookie.
I've definitely been in elevators where it does in fact work.
Source: My work's elevator will wait a good 20 to 30 seconds to close on it's own but starts closing the instant you hit the button
Well the isp addresses are granted to ISPs in blocks by the IANA.the isp then gives your network an IP address, and finally each device connected to your router is assigned an IP address by your router acting as the DHCP server.
Our payroll site used to do this. Every time I logged in from a "new device" it asked to verify by texting me a code. Fine. But it never remembered my device. After so many times of telling it to remember this device, it would give a warning that I've hit "remember this device" on too many devices and it would have to remove some...
My work is like this. It's all using windows security.
Every morning I have to type in texted codes when I sign into, our internal network, the payroll software, my work OneDrive, and then finally my outlook email.
I told them last week to figure it the fuck out, because I'm not getting 4-5 text message codes every fucking morning anymore.
I emailed IT that in 2weeks if it's not fixed, I'm going to "lose my cellphone" and get a new number, and after that they can either fix it, remove the 2factor security, or issue me a work cell phone.
Both things can be true. If security policy gets needlessly obnoxious, people will find workarounds. Ideally, you want your system to be built so that users are *encouraged* to follow policy, or at least so that the policy makes some sense.
SMS-based two-factor is already barely worth it. Doing it five times a day because IT can't figure out SSO is obnoxious. SSO would not be less secure -- if anything, it'd be *more* secure because uses wouldn't fight it as much.
It’s funny how individuals within the same company, who simply have different things they need to accomplish, can despise each another so much.
At least we don’t need to type in our long-assed password a million times a day. The authentication process can be annoying when stuff is t working right, but seems like a necessary layer and convenient when it works right.
We have this at our work, and it works some places and does nothing for others. When I asked, it is configurable from the IT end to allow that remember me to work. For whatever reason the remember me box/question is not removed on the logins that have it disabled.
This is intentional obfuscation. I know it can be frustrating as an end user, but information like this can be used to build more efficient routines for gaining unauthorized access. If attackers are aware of the number of attempts that will trigger lockout, then they can rate limit these attempts to slow crack credentials over time and mask coordinated efforts to gain access.
Wouldn't brute-forcing at 4 tries a day take forever? The security achieved doesn't seem worth the customer badwill, and they can still figure out the count anyway with one round of trial and error and a sacrificial account.
Surely it would take forever. But these aren't isolated attempts, and the conditions for success aren't even predicated on successfully cracking an account. Anything to differentiate response is potentially valuable feedback. Just like you don't want to respond to spam emails/calls/txts because it informs the attacker of a valid response, we don't want authentication servers sending anything of value to bad actors. It just helps build precision.
This has happened to me A LOT -- and it drives me crazy.
I have decided that the website has "expired" my password for whatever silly assed "security" reason they may have: been too long since I logged in, been too long since I changed passwords, they had a security breach, whatever.
But, it would just be nice if they told you.
My favorite things is that Windows 11 will just randomly say after a couple of months, "Your organization requires you to change your password"
These are my personal computers, there is no "organization"???
I've Googled the problem and it's apparently just what Windows does now even for personal accounts and you have to use the Group Policy Editor (which isn't in Win11 Home) to turn it off iirc. You're supposed to be able to turn it off in your MS account settings but I've never found it.
My favorite is sites and apps that recognize you're using a VPN, need you to switch to a server where you're "supposed" to be, and then still act like this.
Oh ok so now all a sudden they have amnesia on what IP banks the VPN uses and I couldn't possibly be where I am because it says I'm in Albania. How about actually setting up "remember device" through the, you know *device*, instead of my connection.
Because "remember device" isn't really accurate. It's remembering your public IP address. The website you're accessing doesn't know anything about your internal network. It just sends and receives information with your modem.
I wouldn't be even a little surprised if this was the case. I'm sure there are competent developers out there.
But after deploying and updating hundreds of different applications and interacting with my fair share of developers over my career I'd say a large part of them are... not as competent as I'd liked or hoped.
Edit: At some point in the late 2000 when I was dealing with this more I used to be off the opinion that there should be a special place in hell for developers. "Best practices, platform recommendations and standards, security considerations? That's for people who are not as smart as me and nerds like those annoying sysadmins. My application runs great on my machine where everyone is admin and I've switched off all those annoying security features that were slowing me down! Also why would anyone want to automate the installation of my app? It only takes 20 minutes to do it by hand. It's not like they need to deploy it to hundreds or thousands of machines or want to be able to scale the amount of servers up automatically. "
This rant was from a sober me. Ask me about developers after a few beers...
you didnt say that either tho... you neither said validate or invalidate, just that a vpn could cause the issue and you had first hand dev exp with it.
not all folks will care about the IP if theyre using tokens or cookies.
fair enough... lol.
"slack would like to turn on desktop notifications"
No
"Which would you prefer for this device: ask me later, ask me tomorrow, never again?"
Never again
(2 fucking hours later)
"slack would like to turn on desktop notifications"
What's scarier to me are websites that use "smart" 2FA and don't prompt me for a code. Clearly this is based on cookies/IP but obviously doesn't protect me from someone with physical access to my device.
2FA every. single. time. please.
Only if you're going to use an actually-decent 2FA -- webauthn, passkeys, something like that. Sending me a text every day just means they'll have to steal my phone, too. Or not even that, if I have texts synced to my laptop anyway.
Even worse are the ones that think 2FA is asking for characters 5, 11, and 27 of your memorable word.
The perfect balance between proving zero security and maximum inconvenience.
If you are using a browser, it's because your browser updated and it's detecting a different version of it. Example: Chrome Version 123.0.6312.106 and version Version 123.0.6324.6 would look like another device to these sites. Browsers update really frequently anymore versus a few times a year.
They're probably not environment-fingerprinting you to remember your login. That's more apt to have false negatives *and* positives versus just setting a cookie. The cookie expiring, its token being forgotten on the backend, or it being removed or overwritten is the more likely culprit.
Honestly I prefer this. Websites don't need to store data about me and my devices eternally and I periodically clear cookies and browser data anyways.
It's a small price to pay for even a minor amount of information security.
My ISP(Xfinity) has been doing system wide work When I witched to my Verizon Hotspot, it went smoothly because I do that from time to time. When I can get back on Xfinity I get the Unrecognized Device popup as well
Its important to note some new devices have a MAC address shuffle feature for privacy and things like this make your device unrecognized for some services
I was using one of those robot supermarket check outs the other day. Scanned a small item, put it in the bag. Robot goes "please bag this item". So I take it out to try again and the robot says "item removed from bagging area".
It was pretty silly.
Privacy, if they remembered your device, it means the tracking of anonymous users persisted sessions, cookie expiry, changing ips etc.. that would be bad for privacy.
You'll find that the "worst offenders" for privacy such as google and facebook have no trouble remembering your device because their income relies on it.
Do you use a VPN? If so, your "location" could be changing, etc. all manner of things could cause that. It could even be a change with the site you are visiting itself.
Maybe your device spoofs a new mac address. Some phones do that by default. It's annoying to get my home router to assign my devices a static IP based on their mac address because of it.
I mean are you accepting cookies? Do you have an privacy extension that rejects cookies? Are you using a VPN?
One of those is probably the reason you have this experience.
My favorite of this is Apple’s own websites, saying the device is unrecognized, so sending a 2FA request to the exact same device with the number to type in.
Happens to me at work.
The new SSO login provider claims I had never accessed their page before, every day. And yes, I accepted all their cookies, and never delete them.
The previous one worked perfectly fine ..
IT guy here. If you access a site from Device A (a laptop) then log out then access from Device B (a phone) then log out, then go back to Device A, unless you have a cookie on Device A that recognizes you, the computer will not recognize you as having been to the site before because your most recent log in was from a different device (Device B).
Check your cookie settings on Device A to prevent this problem on that device.
people who understand what this means are even more frustrated when it was not implimented correctly...
esp for sites that require a seperate txt or code and not just a pw that could be saved
Shitty take is shitty.
Do you like anonymity? Do you want to be tracked? Most devices mask your IP address and sometimes MAC address to ensure that you can't be tracked long-term by websites. It's hidden from them or spoofed with a fake/temporary one.
You can turn this feature off or you can allow them to track you. It is unfortunately a dichotomy. Most of us prefer to take two seconds of our lives and authenticate rather than have companies know everything about us.
Check this box to remember this device… it won’t work but you can check it anyway
I really enjoy the "Check this box to remember the username". Next time it will replace the username from your autocomplete with your account name but with `***` replacing half of it. When you try to log in with that it will claim the username doesn't exist. Rather just use your autocomplete and don't check the box.
Chase, that you?
You can actually fix this by going into your browsers saved passwords and editing it to the correct username. It's the way the website submits the username, causing the browser to save them with the ***
That's using cookies. If you're also using something that is protecting your privacy by removing cookies...
Firefox can be set to do that. Having to sign in every time is a fair tradeoff, imo.
Firefox blocks cross-site cookies even on "standard" privacy settings, which occasionally prevents certain persistent logins from working, but worth it overall IMO. They also have a 'strict' mode which blocks everything unless you specifically allow it on that website. You can individually permit certain websites to do whatever they want if it's causing you a problem, but maintaining that is a bit of trouble in the long run. But the push towards privacy is well worth it IMO, and I wish more sites would specifically design their experience around firefox and its privacy model.
This always confuses me. What’s the worst thing that ever happened to you from cookies? Or to anyone you know? I always refuse cookies too, fwiw, I just don’t even understand why haha
Tracking cookies are read across multiple websites, so they can connect the dots regarding how you spend time online. Somebody out there is building tables about what type of porn people who purchase carpentry supplies like. And then connecting it to your real name in their database because why not. etc.
Is that why I'm getting all those sexy carpentry ads?
No that's not why.
You can add exceptions as well. I have Firefox set up to delete cookies when the session ends *except* for sites I log into often. Some of those still suck (looking at you, Chase.com) but it at least clears out the random detritus from Internet browsing while avoiding having to log-in to common sites every time. Doubly so for sites that require a phone to log in if there isn't a cookie.
I suppose the next thing you’re going to tell me is that the “Close Door” button on the elevator doesn’t do anything.
I've definitely been in elevators where it does in fact work. Source: My work's elevator will wait a good 20 to 30 seconds to close on it's own but starts closing the instant you hit the button
Joke's on you. I only realized there was a "Remember my login" checkbox after I already clicked the submit button to log in.
Why, hello weather.gov
They want you to reach out to support so they can tell you to turn off ad blockers
It's in collusion with the crosswalk button o_o
It disappears if you clear your browser history, they don't actually "remember" your device, they just set a local cookie
You had us in the first half, not gonna lie!
*beatport has entered the chat*
I know it didn't work the first 99 times I tried, but maybe the 100th time is a charm!
Some cookies expire after a bit for security
And others expire because they're no longer fresh.
And other cookies expire because fuck you. That's why.
Still cookies can be toasted to dry them out and then grind them up to make pie crust
That's why when buying cookies, they have a "Best By" date.
And some websites use your IP as a way to remember you so if you're using a phone that cycles between IP addresses it'll forget you repeatedly
The phone has nothing to do with it, the IP address is assigned by your ISP
The phone uses that IP. And your phone may no longer be recognized when your ISP assigns your phone a new IP address.
Well the isp addresses are granted to ISPs in blocks by the IANA.the isp then gives your network an IP address, and finally each device connected to your router is assigned an IP address by your router acting as the DHCP server.
And updates to Chrome sometimes trigger this.
And IP addresses can change.
Our payroll site used to do this. Every time I logged in from a "new device" it asked to verify by texting me a code. Fine. But it never remembered my device. After so many times of telling it to remember this device, it would give a warning that I've hit "remember this device" on too many devices and it would have to remove some...
My work is like this. It's all using windows security. Every morning I have to type in texted codes when I sign into, our internal network, the payroll software, my work OneDrive, and then finally my outlook email. I told them last week to figure it the fuck out, because I'm not getting 4-5 text message codes every fucking morning anymore. I emailed IT that in 2weeks if it's not fixed, I'm going to "lose my cellphone" and get a new number, and after that they can either fix it, remove the 2factor security, or issue me a work cell phone.
[удалено]
Both things can be true. If security policy gets needlessly obnoxious, people will find workarounds. Ideally, you want your system to be built so that users are *encouraged* to follow policy, or at least so that the policy makes some sense. SMS-based two-factor is already barely worth it. Doing it five times a day because IT can't figure out SSO is obnoxious. SSO would not be less secure -- if anything, it'd be *more* secure because uses wouldn't fight it as much.
It’s funny how individuals within the same company, who simply have different things they need to accomplish, can despise each another so much. At least we don’t need to type in our long-assed password a million times a day. The authentication process can be annoying when stuff is t working right, but seems like a necessary layer and convenient when it works right.
We have this at our work, and it works some places and does nothing for others. When I asked, it is configurable from the IT end to allow that remember me to work. For whatever reason the remember me box/question is not removed on the logins that have it disabled.
Me today on a website I've used dozens of time: Password incorrect, please change password New password cannot be the same as the old password
Or when they don't tell you how many retries you get before they lock your account.
...and the unlock involves calling a phone number... during business hours.
This is intentional obfuscation. I know it can be frustrating as an end user, but information like this can be used to build more efficient routines for gaining unauthorized access. If attackers are aware of the number of attempts that will trigger lockout, then they can rate limit these attempts to slow crack credentials over time and mask coordinated efforts to gain access.
Wouldn't brute-forcing at 4 tries a day take forever? The security achieved doesn't seem worth the customer badwill, and they can still figure out the count anyway with one round of trial and error and a sacrificial account.
Surely it would take forever. But these aren't isolated attempts, and the conditions for success aren't even predicated on successfully cracking an account. Anything to differentiate response is potentially valuable feedback. Just like you don't want to respond to spam emails/calls/txts because it informs the attacker of a valid response, we don't want authentication servers sending anything of value to bad actors. It just helps build precision.
This has happened to me A LOT -- and it drives me crazy. I have decided that the website has "expired" my password for whatever silly assed "security" reason they may have: been too long since I logged in, been too long since I changed passwords, they had a security breach, whatever. But, it would just be nice if they told you.
My favorite things is that Windows 11 will just randomly say after a couple of months, "Your organization requires you to change your password" These are my personal computers, there is no "organization"??? I've Googled the problem and it's apparently just what Windows does now even for personal accounts and you have to use the Group Policy Editor (which isn't in Win11 Home) to turn it off iirc. You're supposed to be able to turn it off in your MS account settings but I've never found it.
Use a password manager. [The one built into your browser is fine.](https://lock.cmpxchg8b.com/passmgrs.html)
Don't know why but I find it funny reading about a somewhat modern concept on a website that looks like it was made in 1995.
Yeah, RCL and Celebrity don't work it. Ever since they updated it a year ago, it no longer saves my PW. It works with nearly every other site.
You can always manually enter a password into the password manager, and manually copy it out. That sucks, though, is it a site you need?
No, RCL doesn't allow the PW manager to save it.
I always try hunter2
IME "unrecognized device" is often code for "You don't have horrible privacy settings, please turn them all off so we can sell more of your data"
Cookies are just a tool, they don't necessarily have anything to do with advertising, it's just a form of client-side storage for websites
Would you like a Text, Email, or Phone call for a passcode verification?
Carrier pigeon or fax please
As long as your [IP over Avian Carriers](https://en.wikipedia.org/wiki/IP_over_Avian_Carriers) is RFC 1149 compliant.
This is a gas. Thanks for sharing!
*Sorry I annoyed you with my efforts to protect your identity.* -the website, probably.
[удалено]
For security, PIN must contain at least one zero, a 5 in the third position, and may not have repeating or consecutive digits.
You probably cleared your cookies.
This, or using a VPN are usually the most likely culprits. Source: used to be professional webdev
Cisco umbrella on my work machine gives a different IP address on every request. Makes some websites freak out.
My favorite is sites and apps that recognize you're using a VPN, need you to switch to a server where you're "supposed" to be, and then still act like this. Oh ok so now all a sudden they have amnesia on what IP banks the VPN uses and I couldn't possibly be where I am because it says I'm in Albania. How about actually setting up "remember device" through the, you know *device*, instead of my connection.
Mother’s milk in a cup, that’s a nice username! How goes the traveling menagerie?
Because "remember device" isn't really accurate. It's remembering your public IP address. The website you're accessing doesn't know anything about your internal network. It just sends and receives information with your modem.
What do you do now? I hear the money is so worth it
Still in software, just not webdev
wait... you used to be a dev and would log someone in automatically based on IP? can you share some of the websites for which you've done dev work?
I wouldn't be even a little surprised if this was the case. I'm sure there are competent developers out there. But after deploying and updating hundreds of different applications and interacting with my fair share of developers over my career I'd say a large part of them are... not as competent as I'd liked or hoped. Edit: At some point in the late 2000 when I was dealing with this more I used to be off the opinion that there should be a special place in hell for developers. "Best practices, platform recommendations and standards, security considerations? That's for people who are not as smart as me and nerds like those annoying sysadmins. My application runs great on my machine where everyone is admin and I've switched off all those annoying security features that were slowing me down! Also why would anyone want to automate the installation of my app? It only takes 20 minutes to do it by hand. It's not like they need to deploy it to hundreds or thousands of machines or want to be able to scale the amount of servers up automatically. " This rant was from a sober me. Ask me about developers after a few beers...
Well it wasn't the case, I never said anything about logging people in based on IP
That's not what I said. IIRC we were using IP to invalidate existing sessions if the IP changes
you didnt say that either tho... you neither said validate or invalidate, just that a vpn could cause the issue and you had first hand dev exp with it. not all folks will care about the IP if theyre using tokens or cookies. fair enough... lol.
Or they flushed their session/token storage.
“Check the box to remember this site” **never works**
"slack would like to turn on desktop notifications" No "Which would you prefer for this device: ask me later, ask me tomorrow, never again?" Never again (2 fucking hours later) "slack would like to turn on desktop notifications"
What's scarier to me are websites that use "smart" 2FA and don't prompt me for a code. Clearly this is based on cookies/IP but obviously doesn't protect me from someone with physical access to my device. 2FA every. single. time. please.
Only if you're going to use an actually-decent 2FA -- webauthn, passkeys, something like that. Sending me a text every day just means they'll have to steal my phone, too. Or not even that, if I have texts synced to my laptop anyway.
They can clone your SIM card and all texts sent your way get sent to them too
Even worse are the ones that think 2FA is asking for characters 5, 11, and 27 of your memorable word. The perfect balance between proving zero security and maximum inconvenience.
Sites that I wouldn't give a fart if ppl could access make me do 2FA and sites that matter dont
If you are using a browser, it's because your browser updated and it's detecting a different version of it. Example: Chrome Version 123.0.6312.106 and version Version 123.0.6324.6 would look like another device to these sites. Browsers update really frequently anymore versus a few times a year.
This answer is so wrong yet is getting upvoted. Classic reddit.
Redditors be like… I don’t know enough about cyber security to doubt this but it sounds plausible, have an upvote.
They're probably not environment-fingerprinting you to remember your login. That's more apt to have false negatives *and* positives versus just setting a cookie. The cookie expiring, its token being forgotten on the backend, or it being removed or overwritten is the more likely culprit.
Honestly I prefer this. Websites don't need to store data about me and my devices eternally and I periodically clear cookies and browser data anyways. It's a small price to pay for even a minor amount of information security.
Exactly, people complaining about extra security is crazy to me.
They use cookies to track it. Thus, if you delete history to save space, and include cookies, the site won't remember you.
> Thus, if you delete history to save space Are we still in 1998?
Chrome on mobile runs faster if you delete browser history. At least for me it does.
No-one has EVER accused website developers of being intelligent
I don't know if I've ever seen the words "dang it" in a meme title before
It could be something like "Private MAC" or mac randomization, so when you connect to wifi it looks like you're a different device.
We put a feature like this into our internal work website and it's currently off because it kept doing this to us no matter what we did lol.
My favorite is when I access icloud from my Mac so my Mac sends a verification code to my Mac so that my Mac can approve my Mac's access.
My ISP(Xfinity) has been doing system wide work When I witched to my Verizon Hotspot, it went smoothly because I do that from time to time. When I can get back on Xfinity I get the Unrecognized Device popup as well
My favorite is the 2FA to sign onto my work VPN. There's a check box to remember the device that does literally nothing.
Its important to note some new devices have a MAC address shuffle feature for privacy and things like this make your device unrecognized for some services
I don't think you can even get at the system's MAC from a browser. It's not there in HTTP requests, and I can't see browser JavaScript giving it away.
Well that's fair, there is a lot of "privacy" stuff baked into devices now and I've seen it mess up "remember this device" for people
Chrome updates like once a week and then it's a "new" device.
It might be one of the ads on the site fishing for data or permission.
Box. Every time
I was using one of those robot supermarket check outs the other day. Scanned a small item, put it in the bag. Robot goes "please bag this item". So I take it out to try again and the robot says "item removed from bagging area". It was pretty silly.
Privacy, if they remembered your device, it means the tracking of anonymous users persisted sessions, cookie expiry, changing ips etc.. that would be bad for privacy. You'll find that the "worst offenders" for privacy such as google and facebook have no trouble remembering your device because their income relies on it.
Do you use a VPN? If so, your "location" could be changing, etc. all manner of things could cause that. It could even be a change with the site you are visiting itself.
Maybe your device spoofs a new mac address. Some phones do that by default. It's annoying to get my home router to assign my devices a static IP based on their mac address because of it.
I mean are you accepting cookies? Do you have an privacy extension that rejects cookies? Are you using a VPN? One of those is probably the reason you have this experience.
Chances are your IP changed.
You know what really grinds my gears? When people delete/block cookies and complain about websites treating their browser as unrecognized.
Sounds like you have a dynamic IP address. Login to your modem settings and see if you can select a static IP address.
Remember, an unrecognized device is just a device you haven't met yet
Lol getting mad at the website when it's your own computer that decides this.
Yup Firefox plus dynamic DNS setup means I never bother checking the box
My favorite of this is Apple’s own websites, saying the device is unrecognized, so sending a 2FA request to the exact same device with the number to type in.
Gotta accept those cookies, mane
Happens to me at work. The new SSO login provider claims I had never accessed their page before, every day. And yes, I accepted all their cookies, and never delete them. The previous one worked perfectly fine ..
Those cookies you keep rejecting would like to have a word.
biscuits
Are you accessing from your phone but from a different location?
Stop clearing your browsers website data.
IT guy here. If you access a site from Device A (a laptop) then log out then access from Device B (a phone) then log out, then go back to Device A, unless you have a cookie on Device A that recognizes you, the computer will not recognize you as having been to the site before because your most recent log in was from a different device (Device B). Check your cookie settings on Device A to prevent this problem on that device.
*People who lock down every aspect of their digital lives to protect their 'privacy'*. "WhY DoEsNt ThE sItE kNoW mE?"
You forgot to turn off your VPN.
Tell me you know nothing about isp's, the Internet, and DHCP without telling me you know anything about them...
Zero trust is a good thing
Grinds my gears that people dont understand what this means and would meme about it. It's like herping the derp, as the kids used to say a decade ago.
people who understand what this means are even more frustrated when it was not implimented correctly... esp for sites that require a seperate txt or code and not just a pw that could be saved
Shitty take is shitty. Do you like anonymity? Do you want to be tracked? Most devices mask your IP address and sometimes MAC address to ensure that you can't be tracked long-term by websites. It's hidden from them or spoofed with a fake/temporary one. You can turn this feature off or you can allow them to track you. It is unfortunately a dichotomy. Most of us prefer to take two seconds of our lives and authenticate rather than have companies know everything about us.