IBM Cloud - Structured Ideas

Welcome to the idea portal for structured ideas (i.e. product feature requests) - A more integrated and automated feedback system to connect your product improvement ideas with IBM product and engineering teams.  Happy submitting!

 

NOTE: All IBM employees must enter Ideas through this Ideas Portal.

Multi factor auth (MFA) web UI prompts should not have history enabled.

All the prompts for MFA codes store previous results, which is useless and gets in the way, since there is almost no chance that you will ever re-use the same code. Please disable this, so that the UI stops making suggesting and showing previous results.

 

In theory, it is also a security risk, although the likely hood of that actually being exploited are likely very low.

  • Sean Kane
  • Aug 9 2019
UI
  • Attach files
  • Admin
    GILLY DEKEL commented
    August 11, 2019 17:49

    Is this in references to MFA for the platform or with the App ID service ?

  • Sean Kane commented
    August 12, 2019 18:22

    MFA for IBM cloud (cloud.ibm.com), Softlayer (control.softlayer.com) and likely Bluemix (control.bluemix.com). A picture has been attached showing the issue on the IBM Cloud login screen.

  • Admin
    BEN LOPEZ commented
    September 23, 2019 16:41

    Marking as will not implement. This can be switched off in the browser, and there is no real vulnerability here as far as codes being reused goes. No development resources are available to address this at present.

  • Sean Kane commented
    September 23, 2019 17:38

    Obviously you can decide to never fix it, but this behavior can not be realistically switched off for a single form in the browser. Suggesting the fix for everyone is to broadly disable the functionality of their browser for the whole IBM site or all sites in general instead of labeling the field correctly in the HTML/javascript seems silly. In general this should be as easy as this: 

    <input type="text" autocomplete="off"/>

    And this basic use-case is undeniable the exact reason that the autocomplete option exists in forms.

NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "anonymous@euprivacy.out" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions