Security Idiocy Shaming: newegg.ca

newegg.ca, a heretofore-reputable dealer of computer components, has a terribad password-configuration experience. Ahem:

What you should do: Require a strong password.
What you should not do: Apply an arbitrary upper bound of 30 characters to password length.
What you should double not do: Inexplicably let the user set a password longer than the limit, AND THEN LOCK THEM OUT OF THEIR ACCOUNT, because you did something to their too-long password upon save that renders it unusable (no, just entering the first 30 characters didn’t work).

What you should do: Allow two-factor authentication.
What you should not do: Make your fancy “six individual boxes” UI for entering the auth code DISALLOW PASTING, so instead of being able to use my password manager’s convenient feature where it automatically puts the 2FA code on the clipboard when I log in, I have to go look up the code and type it in one digit at a time, like a caveman.
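A six-box code field can accept paste without giving up the per-digit layout. The JavaScript below is an added example, not code from newegg.ca or from the original post: a paste into any box is spread across all six, and typing still works. The names `extractOtpDigits` and `wireOtpBoxes` are hypothetical.

```javascript
// Added example: paste-friendly handling for a six-box one-time-code field.
// extractOtpDigits and wireOtpBoxes are hypothetical names for this example.
const OTP_LENGTH = 6;

// Pull the code out of whatever the clipboard holds. Password managers and
// SMS apps often add spaces or a dash ("123 456", "123-456"), so those are
// stripped. Returns null unless exactly `length` digits remain.
function extractOtpDigits(text, length = OTP_LENGTH) {
  const cleaned = String(text).replace(/[\s-]/g, "");
  if (!/^[0-9]+$/.test(cleaned) || cleaned.length !== length) return null;
  return cleaned.split("");
}

// Attach handlers to an array of single-character <input> elements.
// onComplete(code) is called whenever every box holds a digit.
function wireOtpBoxes(boxes, onComplete) {
  const finish = () => {
    const code = boxes.map((b) => b.value).join("");
    if (/^[0-9]+$/.test(code) && code.length === boxes.length) onComplete(code);
  };
  boxes.forEach((box, i) => {
    // A paste into ANY box fills all of them, instead of being blocked
    // or dropping everything after the first character.
    box.addEventListener("paste", (event) => {
      event.preventDefault(); // we place the characters ourselves
      const digits = extractOtpDigits(
        event.clipboardData.getData("text"), boxes.length);
      if (!digits) return; // clipboard is not a code: leave boxes unchanged
      boxes.forEach((b, j) => { b.value = digits[j]; });
      boxes[boxes.length - 1].focus();
      finish();
    });
    // Manual typing: keep one digit per box and advance focus.
    box.addEventListener("input", () => {
      box.value = box.value.replace(/[^0-9]/g, "").slice(-1);
      if (box.value && i < boxes.length - 1) boxes[i + 1].focus();
      finish();
    });
  });
}
```

In a page, `wireOtpBoxes` would be called with the six input elements and a callback that submits the code.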

I think from now on I’ll buy my computer parts from a company that can hire competent people to design their website. ¯\_(ツ)_/¯

Dan J @danj