kickaha ([personal profile] kickaha) wrote2007-12-21 12:43 am

UI? What's UI?

What do you get when you have a major, huge company who has traditionally done enterprise Windows apps, with a smidgen of Linux?

SUCKTACULAR UI!

Take Eclipse. (No, really, please. Take it, beat it into submission, strip off the laughable UI and make something worthwhile. Really. It's embarrassing, it's so bad.)

Or Lotus, well, anything. It's even worse.

But tonight... tonight I hit the nadir. I use an internal proprietary (Standards? What, those things we convince our customers they need? Pah, we don't need them... they're too expensive.) VPN solution to hook into the company intranet. The guts of it are pretty solid, as far as I can tell. It's yet to fail me. The UI though?

Go to connect tonight: "Cannot connect." Well gee, that's helpful. Try again. "Cannot connect." Hmm. One more time, with feeling. "Cannot connect." How odd. One last time...

"Your account has been locked, possibly due to multiple logon attempts with an incorrect password."

Right, I changed my intranet password yesterday.

And... that's it. I have no indication of how to contact anyone to find out how to 'unlock' my damned account, it never gave me a hint that perhaps it was a password problem (which would have jogged my memory immediately), and of course to get any useful information, I need to be... you guessed it... on the intranet.

SOL, up shit creek, humped, boned, dry fucked and left hanging... pick your phrasing.

Unbelievable.

Saddest part? Five gets you twenty, when I bring this up with the VPN client team, I'll get utterly blown off, because this is how they think software is supposed to work. Or not.

[identity profile] georgmi.livejournal.com 2007-12-21 04:55 pm (UTC)
They're not resetting your password, they're just turning off the bit you flipped that locked the account. Account locking is intended to prevent dictionary attacks by increasing the amount of time it takes to try a statistically useful number of passwords to the point where it's not worth attacking. In other words, the system is working exactly as designed, *including* the 30-60 minute delay in the human interface, it's *supposed* to be a pain, and there's no reason to worry whether you are who you say you are, at least on your first request to unlock the account. You call back three or four times in a day, though, and they're going to start taking a closer look.

You probably didn't notice this, but the response time for each failed auth attempt probably increased by a significant percentage, another standard ploy for slowing down dictionary attacks.

It's also standard practice to provide minimal information when an auth attempt fails--if you return one message when the account name is wrong, and a different one when the name is right but the password is wrong, that tells the bad guy when he's found a valid login name.

In short, security procedures are not about making it easy for the user, but about making it a pain in the ass for the bad guy.

Not telling you your connection failed because of auth failure is taking that a bit far, though. :)

And not providing you with the number you need to call to reset your account is something they should probably be able and willing to fix. Unless they think that they provided you with that information and it should be easily accessible to you from your home, without access to the intranet. Didja RTF VPN M?
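The three controls georgmi describes (a lock after a fixed number of misses, a failure delay that grows with each miss, and one uniform reply whether the name or the password is wrong) as an added Python example; this is not code from the thread or from the VPN client, and the threshold, delay and message strings are constructed values.

```python
import hashlib
import hmac
import secrets
import time

LOCKOUT_THRESHOLD = 4     # constructed: three "Cannot connect." replies, the fourth miss locks
BASE_DELAY_SECONDS = 0.5  # constructed: penalty after the first miss, doubling per miss
UNIFORM_ERROR = "Cannot connect."
LOCKED_MESSAGE = "Your account has been locked, possibly due to multiple logon attempts with an incorrect password."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Authenticator:
    def __init__(self, sleep=time.sleep):
        self._users = {}     # name -> (salt, password hash)
        self._failures = {}  # name -> consecutive failed attempts
        self._locked = set()
        self._sleep = sleep  # injectable so a test need not really wait

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, _hash(password, salt))

    def failure_delay(self, name):
        """Penalty applied to the next miss: doubles with every consecutive failure."""
        return BASE_DELAY_SECONDS * (2 ** self._failures.get(name, 0))

    def unlock(self, name):
        """Help-desk action: clears the lock bit and the counter; the password is untouched."""
        self._locked.discard(name)
        self._failures.pop(name, None)

    def login(self, name, password):
        if name in self._locked:
            return False, LOCKED_MESSAGE
        record = self._users.get(name)
        # Unknown name: hash against a dummy record so timing and reply match a wrong password.
        salt, stored = record if record else (bytes(16), bytes(32))
        digest = _hash(password, salt)
        if record is not None and hmac.compare_digest(digest, stored):
            self._failures.pop(name, None)
            return True, "Connected."
        self._sleep(self.failure_delay(name))
        self._failures[name] = self._failures.get(name, 0) + 1
        if self._failures[name] >= LOCKOUT_THRESHOLD:
            self._locked.add(name)
            return False, LOCKED_MESSAGE
        return False, UNIFORM_ERROR
```

Note that a correct password is refused while the lock bit is set, and that `unlock` only clears that bit, which is exactly the help-desk action georgmi describes.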

[identity profile] kickaha.livejournal.com 2007-12-21 05:13 pm (UTC)
Manual? *MANUAL*?!? BWAHAHHAHAHHA

The included app help didn't even include the keywords 'incorrect' 'locked' or 'failure'.

"In short, security procedures are not about making it easy for the user, but about making it a pain in the ass for the bad guy."

Unfortunately, defining 'bad guy' to include 'user who slips up' just results in making it a pain for the user. :P

We've got a battle going on right now concerning the internal IM system I should tell you about offline sometime. It's... insane.

[identity profile] georgmi.livejournal.com 2007-12-21 05:15 pm (UTC)
You guys have time on your spring trip to come out Bremerton way for dinner?

[identity profile] kickaha.livejournal.com 2007-12-21 05:20 pm (UTC)
We can probably work that in... hell, we haven't even scheduled the days yet. :P

[identity profile] gwyneira.livejournal.com 2007-12-21 05:52 pm (UTC)
We're probably going to be in San Francisco for the weekend in mid-April (like the 11th-14th or something like that), but other than that, boy is our schedule free. :)

[identity profile] babbleon1.livejournal.com 2007-12-21 06:22 pm (UTC)
Yeah - manual? PUH-LEAZE.

Work is hugely (overly?) security conscious, though I guess it could be a popular hacking target. But it adds a huge cost to our work. And the business controls, to make sure we're not embezzling or sneaking spare parts out of the factory - BLEAH! We once counted seven distinct audit layers...

[identity profile] georgmi.livejournal.com 2007-12-21 07:11 pm (UTC)
Ah, but security folks *do* define 'users who slip up' as bad guys--the potential effect on the system is often the same, or even worse.

Security guys only trust their users as far as management forces them to, and they're not happy about even that much.

[identity profile] kickaha.livejournal.com 2007-12-21 08:01 pm (UTC)
Wait... management has power over IT security direction?

Dude, pass me some of what you're smoking.

[identity profile] georgmi.livejournal.com 2007-12-21 08:24 pm (UTC)
To the extent that management can say, "Let the damn users connect to the damn network or you're fired", yeah.

IT will then do the absolute minimum necessary toward clause A that allows them to avoid execution of clause B. :)