Mar 4, 2009
In a twisty maze of corridors, all alike
Indulge me a brief rant about my mobile phone supplier.
I have an iPhone. I like it – mostly – and though I use it mostly for data (mail, web, twitter) and creative diversions (camera, itunes, a few casual games), I do occasionally use it to send and receive texts and calls, too, and although a boatload of calls and texts are included in my (somewhat extravagant, IMO) tariff, because I’ve been travelling a bit, that means that my bill is sometimes more than just the standard monthly connection charge.
In an effort to reduce the amount of paper I have to deal with, I have chosen to get my bills emailed to me by my provider, O2, who diligently do so every month when payment is due.
The Good
The email they send me contains a figure for the total amount owing (which is whipped out of my bank account shortly after).
It also contains a friendly message about clicking through to view your bill on the O2 site:
The Bad
I am a woman with a lot of passwords. In fact, you could say that I suffer from password fatigue. There are too many in my life, and I’m not alone in this, drowning in a sea of upper-and-lower-case-at-least-six-characters-must-contain-numbers-and-be-difficult-to-guess combinations.
My head hurts.
This is not O2′s fault, just by way of explanation, so I can hopefully be forgiven for forgetting the particular character combo I’ve chosen for their online service, once in a while.
And I do. Frequently. Every month, in fact.
So I do as they suggest, and follow the procedure for reminding myself of the username and password, which is outlined here. It’s easy to be reminded of your login details! Or so they say.
But what actually happens is that you fill in a form like this:
(and you try really hard not to wince at the ever-so-slight misalignment of the text on the two buttons in the bottom right corner)
and then you receive a little code sent to your mobile, which you pop into the relevant box on the subsequent screen. So far, so good. Your password can only be mere moments away from being reset, surely.
And then, suddenly…
Meh? Account number? WTF?
So you search through your online correspondence with O2 hunting for a reference to your account number, and nothing doing. And you gradually realise that the only reference to an account number you vaguely remember seeing is on the flimsy bit of paper you signed when you got the iPhone in the first place, in approximately 7pt type.
Unsurprisingly, you do not have this information to hand. In fact, it’s probably in a filing cabinet in your study at home. Probably.
So you phone up the call centre, and tell them (nicely) that you’re trying to reset your password online, but you don’t know your account number.
And the nice, well-spoken young man on the other end says no problem, that’s fine. He then tells you that in order to tell you the account number, he’ll need your password.
You start to tell him that you’ve forgotten it, which is why you’re calling, but he interrupts to tell you that, naturally, this is a different password; one for using on the phone.
Oh. Right.
And in order to reset that one, you need to answer some security questions…and provide your account number.
It is at this point that you start to weep and/or bite your keyboard in frustration.
Would it be impossible to have a security check/reset flow that recognises that you have:
- access to an email address (verified)
- a phone in your hand (verified)
- the answers to a bunch of security questions in your head
..and that doesn’t require you to produce information you don’t know, or don’t have handy, or can’t easily find?
I would happily, willingly, gleefully pay good money to be able to deal with utilities companies who can provide decent web billing/enquiry/info experiences.
Whatever the future of online billing is, this isn’t it.
if only every one used openID
its all about password repository for me:
http://www.pomola.com/products_passwordrepository/passwordrepository.html
I DID have a comment about this but I’m currently mesmerised by your animated GIF. Brilliant!
Thanks, Gordon – it’s VERY old (that shirt, office and haircut date it back to early 2001, I think) but I thought it was appropriate here.
There aren’t enough animated gifs on the web, IMO.
To make it more annoying (for me) is that I signed up for O2 broadband and had to create a second account — there was no way I could use the same account for another service.
Did I say second account? I meant third. When I bought my iPhone I apparently already had an account on o2.co.uk (maybe it was created when I signed up to be alerted when the iPhone became available) but this couldn’t be used for some reason.
So I now have three different log-ins for the same bloody website.
For the record, I didn’t come here from a Google search, I came here from Google Reader. So the exhortation to subscribe to your RSS feed is a little annoying…
Curses. That shouldn’t happen. Sorry about that.
[frantic tinkering ensues]
OK, I should have got rid of it now.
Would anyone arriving here from google reader mind awfully just checking?
You say you do this every month? The easiest thing to do would be to just remember your password. Or at least remember to put the account number somewhere easy to access: why not just email it to yourself?
And you’d assume that the type of person who knows their account number would probably never forget their password in the first place, but hey thanks anyway.
To be fair to them, if someone had your iPhone and you didn’t have it pin protected, or they’d got past this, they’d also have access to your email address, and account, so just providing information about the phone and email account aint really enough security.
Process still sucks though.
I have the same problem. I reverted to paper billing as it was impossible to remember my login details. It’s not even a username I’d chose, it’s given me what I wanted plus lots of random numbers as my usual one is in use – by me!
You think they might even have an iPhone app to manage your account directly on the phone, with access locked to a 4 digit pin or something.
Oh I was only going to comment to say yes, the banner has gone for google reader visitors, I saw it previously but not today (though it never bothered me enough to moan about it).
When it comes to these things, I just allow my browser to remember the password.
The browser (Firefox in my case) is also protected by a master password, and I sync those saved passwords to my home PC using FoxMarks.
Sure, it’s not the most super-duper secure way of remembering passwords, but it works for me. If I really wanted to have a secure reminder, I’d place them in an encrypted file in my encrypted USB Stick.
Either way, surely it’s easier to use some tool or other (hell, even to store it on your phone, if necessary – it doesn’t have to be in a) clear text or b) easily recognisable, so long as you know where it is) to remember the passwords than go through the same farce every month?
Sure it’d be nice to have a system that used sanity – but if there’s no sane system from the provider, I would say it’s down to the user to provide the sane system.