The problem with passwords
A company can provide excellent products at good prices with excellent service and louse up on what might seem like a simple thing – passwords. We all know that passwords are important. They provide security. It’s just that the people who devise password requirements for their company seem to believe that their system is the right one. The fact that it may be different to everybody else’s is not their problem. It’s the others who are out of step.
Take BT Mobile for example. Their product is okay, their prices aren’t bad and they provide online billing which is efficient. Every month they send an email inviting you to look at your bill with a hyperlink on the word “view”. This works well for a couple of months and then suddenly you hit a snag. BT Mobile in their wisdom has decided that you need to change your password every 90 days. This must have sounded like a good idea to someone in their IT department. The frustration now begins. When you click on the “view” hyperlink it takes you to a screen which asks you for a “new password” and then confusingly it also asks for simply “password”. Is this last request asking for the old password or the new password? Again, it must have seemed crystal clear to the IT department though it is doubtful that they ever checked it out with real customers.
How many passwords have you got? At the last count we had around 30 and for sure we will have missed some. Some of the passwords are with retail accounts where we may seldom return while others are with utility suppliers, banks and other more important providers. Just accessing your computer every day requires a password. Now imagine that every one of these organisations required a new password every 90 days; that would mean 120 new passwords a year. And remember, each organisation doesn’t have the same requirement for a password. Some allow you to devise your own password, others require a minimum of eight words, some want 12 words, and many insist on some form of special characters such as asterisks and exclamation marks. Most won’t let you use a password that has previously been your choice. This makes life so complicated almost everyone has to keep a written record of these passwords for otherwise they are so easy to forget. We may deride people for sticking post-it notes of the passwords on the wall or writing them with a Sharpie on the devices they carry around with them. Of course we deride them because this negates the whole purpose of the password. And yet, we all do it – or at least a good number of us do it.
We are returning to an old problem in the customer experience world – a lack of joined up thinking. IT departments can be a law to themselves when it comes to setting rules for security. The more complex the rule, the greater the level of security and this can be in inverse relationship to the customer experience. What’s the point in having a system that is so secure it pisses everyone off? The sooner security systems are devised that use voice, facial recognition, thumbprints or the like, the better. At least we think so and we have our fingers crossed that they won’t introduce additional snags caused by sore throats, bags under the eyes, or wet hands.