Dear web developer,
Congratulations on creating a wonderful web based application to assist your company’s customers with registering and accessing your site. I cannot help but admire your use of concise, compliant code, the choice of fonts and colours, and other little niceties that went into your work. It seems a shame that you did such a poor job of designing usability into it that I feel compelled to take my custom to your competitor. Here is where you “lassoed the Fail Whale.”
a) In creating a userID, you may have a good reason to NOT let me use my email address, but it is not THAT good a reason. Email addresses are unique, easy to remember, and hey, easily tied to a user.
b) In setting password requirements, the wish to set minimum security standards is commendable. The practice of setting MAXIMUM security standards is idiotic. I have no idea how to set, or even remember a password that is exactly eight characters long, contains one metacharacter and starts with a letter. I can set a 19 character complex password and remember it easily.
c) In throwing an error because SOMETHING about my chosen username or password fails to meet your expectations, TELL ME WHAT THAT IS!!!! “Error 1315 in userid or password” may mean something to you, but unless you want to publish your error codes, the only thing it means to me is “shop elsewhere.”
d) While I appreciate an interest in security ever and always, on the fifth time I have to try to ferret out what is wrong with either my userid or my password, that you repeatedly clear some little TOS checkbox or other little nugget that has scrolled off screen, which I don’t realise I need to redo, generally leads to the overwhelming urge to hunt you down and beat you with a SCSI cable when the submit fails once again.
Here’s a couple of tips that might be of use to you.
1) Allow users to use their email address as their userID.
2) Set reasonable password requirements, but don’t set an arbitrary character count or pattern. Complexity is good, but forcing a pattern is not. By removing entropy you make the bad guy’s job so much easier.
3) Ask one of your parents to register for your site. If they can do it without any issue, you’re ready to rock. If not, try again.
Warm regards,
A lost customer.
PS/competitor X thanks you for the inadvertent referral.
You might also enjoy:
{ 1 comment… read it below or add one }
"..generally leads to the overwhelming urge to hunt you down and beat you with a SCSI cable when the submit fails once again." <– LMAO