New Log In is...Interesting


#1

I am torn from where’st I was to a page so blank it strips my mind completely from where I was.

I can’t keep cookies because I often work from a laptop, so every time I log in I get an email.

I realize that I am supposed to be be better at diplomacy I know someone worked hard on the new log in. I know that someone’s livelihood might depend on the new log in. I realize that I am a mere guest on a forum of a company’s web forum…

Oh, it still doesn’t help. I hate the new log-in, the kind of hate where I wish it was physical so I could take it out in the garage and pound nails through it, the kind of hate that I wish it were standing in the middle of the road so, I could get its attention, to distract it and keep from noticing the car that comes it’s way, while I stare at it, not offering the smallest hint of a clue of what comes.


#2

Thank you. This made my day!


#3

Greetings,

All seriousness aside…

Is there a plan to link up the http://v5.rhino3d.com/profile/UserName database so that one login will rule them all?


#4

Easy Michael Bolton… PC Load letter?

NSFW: https://youtu.be/pD2xBXm4y70


(Andrés Jacobo) #5

Hi @Brenda, I’m AJ.

I’m the main developer behind the new login you’re so passionate about.

What is the biggest pain-point you’re experiencing with logging in?

I’m confident that at the very least you were able to login. Is it the emails getting sent to you? Is it the ‘blankness’ of the page you’re sent to?

I would appreciate your feedback.

Thanks!

-AJ


(Andrés Jacobo) #6

@denbutler That is our goal, yes. Over the years we’ve had different portals for different services. The goal is to consolidate them all at one point.


#7

I am actually stunned by the discourse new login feature !

If a person (like myself) denies to give discourse the right to its personal data/email: the user is taken to access denied page:

Is this the 100% open source Discourse is constantly bragging about?

I registered at the discourse.mcneel community only, and I am not interesting in any of benefits of being able to use the same account for other discourse communities, if that was the purpose of this bad addition.
And please do not try convince me that the information I have been forced to give you will be confidential and not used for malicious purposes.
I have just removed all my personal information from my profile in here.

If keep getting the email every time I clear my cookies and every time I use Google Chrome instead of Firefox, I would not want to come to discourse.mcneel.com anymore.


(Wim Dekeyser) #8

I took that as unification of logins to all McNeel-related content. I.e. food4Rhino, Grasshopper, software download, etc.

aj1 doesn’t have any information in his profile indicating who he’s working for. . .


#9

Woah - The main thing is ‘Not to Panic’ !

There is no requirement to dump a bunch of personal info into the database. It just requires an entry. Any entry will work.
Yerg Neila from Timbuk-two could be your login - and it would be pretty secure because you made it so. Security is not always a feature of the system - Use the system to improve your feeling of security.

I think that with the absence of disk media, and the acompanying license record, that a unified login is required for future ‘automatic’ license management. Obviously some may prefer no pseudonyms, but


#10

I don’t get this new log in. It feels intimidating and it’s a pain.
You already know my email and password why this interrogation on entering the site. What was wrong with the old way it’s like your twisting my arm saying acknowledge you’re under surveillance and agree to us knowing your personal information. This is the only site I’ve been on that posted that message.

I never liked this site because of having to use a password to begin with which is a total hassle and a waste in my mind you still haven’t improved over the old free forum just made it more intimidating and less user friendly.
RM


#11

Hi aj1,

We as users don’t know how much work it is to make the log in process. We don’t know what information is transferred from where to where, what authentication process that it takes to make it all happen in the secure way we’ve come to count on.

Rhino 3D has the best user interface I have ever seen in a 3D program, and I am critical about them. Unfortunately, this sets up our expectation equally high for the web forum.

In the big picture, I like my web forum passwords to be different than anything attached to commerce because I usually use two tiers of passwords, one for each. As Micheal Duff had said, “I was not born a Kennedy.” So, I get nervous every time I log into anything financial. It would seem that McNeel does to, and that’s why I am getting all the “You logged in from a new device” emails, which have to be managed.

I don’t want to be emailed every time I log in from a machine that needs not to have any cookies carelessly left on it. Every few days, I log in on my “mobile workstation” to try to help someone ( or offer my unsolicited opinion on something I probably have no business to, or have an idea like something to make the block manager even more powerful. )

The other problem I have with the new log in: I lose context from where I came, and what I was going to do. I don’t believe the old login did that.

As I stated, we don’t know and can’t appreciate all the hard work being done in the login process, and it seems that I want to be oblivious about it, because for some users like myself, logging in is a formality.


#12

Hi Roland,

I find reading this forum works a lot better if you are not logged in. Of course, if you want to contribute a comment, as I am doing now, you have to log in but that a rare event nowadays.

I’m not understanding what the current fuss is about logging in. When I want to logon to this site I click on a link that opens my browser with a user identity that will log on to this site. So far, the site has not asked me to Log in it happened automatically. Normally I visit the site with an user identity that is unknown to this site so I view the forum without seeing all the clutter that comes with logging in.

-jim


(Andrés Jacobo) #13

I took that as unification of logins to all McNeel-related content. I.e. food4Rhino, Grasshopper, software download, etc.

You’re right, @wim. I have updated my profile info to clarify that I am a McNeel employee.


(Brian Gillespie) #14

Yes, it still is. Discourse implemented a feature called Single Sign-On to enable us, and other Discourse servers to use alternate methods of authenticating users.

You’re correct. So far, you can log in to discourse.mcneel.com (to post), my.mcneel.com (for trainers to update their training material), wiki.mcneel.com (to add content), and www.rhino3d.com (mostly for internal use so far) using your McNeel account. Most of those won’t be interesting to most people because there’s no real content available to logged in users (yet).

AJ is a McNeel employee - he’s been working in the Seattle office next to me for the last couple years.

For a long time, we’ve required you to enter your email address and license key to download some products from our web site. Your license key has essentially been your password for getting privileged access. But it’s really not a very good password. Your McNeel account is a much better way for us to make sure we’re talking to you.

Eventually, we hope to make it possible for users to log in to our web site to retrieve information like what licenses they own. We also want to use McNeel accounts for letting customers edit their resource listings for http://www.rhino3d.com/resources. And to review and rate images in the gallery or the resources.

That’s a really great practice - I do the same thing.

Would you prefer to not get notified when your account is being used?

That’s definitely an annoyance. It may be a bug that the Discourse team can fix - I’ll bring that up with them. Actually, I can’t reproduce this problem. If I go to a long thread while I’m logged out, and then log back in, I get taken back to the same spot in the thread. Can you tell me more about what you’re seeing?


(Andrés Jacobo) #15

Thanks @brenda,

I appreciate your feedback. We are always looking to improve the way our products work.

As I stated, we don’t know and can’t appreciate all the hard work being done in the login process, and it seems that I want to be oblivious about it, because for some users like myself, logging in is a formality.

The end goal here is to provide a service that is secure, but that nobody talks about it because users like you can afford to be oblivious about it.

In the meantime, I will humbly suggest the following:

  • Allow cookies from discourse.mcneel.com and/or accounts.mcneel.com. This will keep you logged in on your device. McNeel Accounts does not store any PII in your cookies, so nobody can get access to your data by stealing your cookies. You can also only allow cookies from discourse.mcneel.com, which will keep you logged in to Discourse but will not store any information about McNeel Accounts on your machine.

-AJ


#16

@AJ, I am sorry that your status was questioned for having worked on a log-in, yikes!

@Brian, the problem that you can’t seem to reproduce is:
We can see the forums, and may even know where we want to be.
We click on the log-in button.
Everything goes blank/white. It doesn’t even look like the same site.
We log in.
We eventually get an redirect.

BTW, keeping cookies on a notebook that frequents a public place on browser close is likely not a good security practice.

Someone such as myself would not like an email unless it does something extraordinary like change password, login from a Chinese junk from satellite radio across a TOR network when I live in the US, or access my Rhino license/account settings. For me, the email frequency will become a constant annoyance that will discourage me from logging in as much–to the mirth and enjoyment of a growing number of McNeel employees.


(Brian Gillespie) #17

How long does it take between clicking Log In and seeing the Discourse site? For me, it’s about 3-7 seconds. And it’s never blank. For a while there’s a progress bar, and then “Please wait a second”, then I see Discourse.

I’m not sure I understand your concern.

Are you concerned that someone will get ahold of your computer and do something with the cookies they find? Or that the communication between your computer and our servers will be intercepted and someone will get ahold of cookies that they can then use to gain access to your personal information?

I guess that would mean that we’d need to capture more personally identifiable information about your computer and your browser and store it in our servers so that we could see that it’s you logging in from the same place again. But it turns out that’s really not possible. I guess we could store a cookie on your browser - oh, wait, that won’t work for you either. I guess we could assume that if a login attempt comes from the same general region of the world using the same browser, that it’s you. That doesn’t seem right, either. I’m not sure how to solve this for you, aside from letting you turn off the notifications completely.


#18

When I close my browser, if deletes all cookies; this is a safe practice.

Although I manage the cookies that I even let into my machine, and have used several tools to do it, AFAIK, there are no utilities that I know of that will set you keep some cookies, while deleting the others on exit, and I’m not going to be keep a McNeel cookie around if now it’s associated with a ecommerce.

The problem was solved.


#19

That’s a very nice way of saying: “Discourse is forcing you to collect your private data to their database. And if you do not want to do that, you will never ever be able to login to discourse.mcneel.com.”

Here it comes. The good old “cookies are good for you” part of the argument.


#20

@brian wiki.mcneel.com doesn’t seem to be working for me… --Mitch