When To Hold, When To Fold
Don't you just hate it? When you have to log in to a website, and you enter your login credentials - user name and password. Then an error pops up: "either your user name or password is incorrect." Well, which is it? The user name of the password?
One would think that a person intelligent enough to program the site to say that would also be intelligent enough to program the site to say which is incorrect - the user name or the password.
At this point, the IT gammas are starting to type furiously below, "iT Is MoRe SeCuRe!" (to not disclose which has been entered correctly - the user name or password.) This author could argue that point with great effect, but for the sake of making a point, the point is reluctantly conceded.
So, let's get this out in the open, so that all understand: THE NUMBER ONE REASON PEOPLE HAVE ISSUES WITH YOUR WEBSITE IS LOGGING IN. We all have too many logins and passwords. Nobody can remember them all. This process must be easy, or customers will not spend money on your website.
Some time back, when this author was in the process of getting a website created (but not this website), an IT professional was consulted. The ask was simple - a page that cannot be accessed by the general public and is password secured. The IT professional was very confident it could be done, and this author gave the parameters: password protected, owner approves new users authorized access, and if the user name or password is entered incorrectly, the site must say which one was incorrect. IT guy agreed to those parameters, and gets to work.
A week later, the follow up meeting happens. The password protected part of the site was created and looked good. Immediately, this author logged in using correct credentials and experienced success. After a quick look around, the account was logged out, and another login was attempted, using incorrect login credentials.
Either the user name or password is incorrect pops up on screen.
Rifleman: "This will need to be fixed."
IT Guy: "It iS MoRe sEcUrE ThIs wAy!"
Rifleman: "I want it to say which one - user name or password. That is my requirement."
IT Guy: "bUt It iS MoRe sEcUrE ThIs wAy!"
Rifleman: "Then you are fired. I will create the website myself and simply make the page a 'private page' so someone cannot just click a link. I know that someone without a password could get access to discounts not intended for them, but that is a risk I'll have to take."
IT Guy: "People will get discounts they don't deserve!"
Rifleman: "Maybe so, but at least they will be spending money with me instead of going elsewhere because the stupid webpage does not know whether they got the user name incorrect or the password. You're fired."
The Rifleman got up and left the meeting. To his credit, the IT Guy has called back and tried to salvage the sale... but has never offered to do what was asked. And when directly asked, he again falls back on the whiny voice "more secure" excuse. And he still has not earned a dime from the Rifleman.
And the Rifleman has earned more revenue this year than ever. And not one person has accessed a discount not intended for them.
Comments
Post a Comment
Your comment will be displayed after approval.
Approval depends on what you say and how you say it.