Signing In To A Website

September 01, 2006
By Robbin Steif

Don’t you just hate when you forget your password? Or worse yet, you forget both your password and your user id.

If you are desperate enough, you’ll be able to retrieve them. Plenty of sites make it easy to get them again. (I lost my Offermatica password twice today and, both times, got a new one within minutes. But that’s because they made it easy.)

The real problem for websites is when the user really does need to sign in (think online banking or looking at frequent flyer points online, for example) and can’t, because she forgot her information. So instead, she gets her customer service the old-fashioned way, which is exactly what these companies are trying to get away from.

I’m not arguing for no passwords or everyone having “weak” passwords. But why can’t sites that require a password sign-in remind you of their format? If the user id is an email address, always, why don’t they tell you that? There is no security issue — anyone who wants can proceed to the signup screen to learn the format. If the password must be longer than 8 characters and include at least two non-alpha characters, why don’t they tell you that after your password fails, instead of just failing? We all have a “pool” of favorite passwords so that we don’t have to remember every word in the alphabet – if you tell me what the format is, I can probably narrow it down to three passwords and possibly succeed before I have tried too many times.

Robbin Steif
LunaMetrics