Virtually all websites with which most people interact require some sort of login. This is totally understandable. Web security is a major concern – not to mention a multi-billion dollar global industry.
In pursuit of that security, these websites use a login process which demands at minimum a username and password. While most usernames are fairly ubiquitous, their corresponding passwords require more complexity to ensure that they cannot be easily hacked into.
Although far from perfect, this double-level of security generally works. That’s not to say that it’s not without its problems. And there are problems.
The complexity of most passwords stipulates that the passwords in question be of a certain length (i.e. number of characters – usually in the neighbor hood of 6-20); and contain certain characters. These stipulations can mandate that there is at least one upper case letter and/or at least one number. Others go so far as to require, or prohibit “special characters” such as #, @, ?, $, %, etc.
We have no problem with any of this if it, in fact, can help protect our web security. Hence, we have arrived at the problem.
When creating these complex passwords, there are far too many (granted, not all) websites which simply instruct the user to create a password. Only after you create a password and it’s rejected, do they tell you what the criteria for that specific password are. Only after your password has been rejected do they post something like: “Passwords must at least 8 characters and contain at least one uppercase letter and one number, etc.
You couldn’t have told me that BEFORE I created my first password? It’s not that big of a deal to include (or exclude) certain characters, but it would be a whole lot easier if you said something beforehand. As it is, I have to create two passwords: the first one that you reject because you neglected to stipulate what the rules are, and the second one that actually conforms to the rules – now that I know what they are.
It doesn’t make sense that stating those rules beforehand would in any way, shape or form compromise anyone’s security. And, if it does, one has to wonder just how secure their sign-in process really is in the first place.
This is one more example of companies looking down their noses at and holding their customers in utter contempt. If they had any notion of what genuine customer service entailed, this would not be necessary.