From my Amazon.com Visa January credit card statement.  Anyone know any loan sharks?  They’re bound to have better rates…

Continue Reading

My company recently switched (back) to WebEx for our web conferencing needs.  To begin the signup process, you complete an “email answer-back”, meaning that WebEx sends you an email which verifies that you have access to your email account.

The first step is to assign you a password.

There are a few things that have me concerned:

1. The new password is displayed on my screen, “in the clear”.  Rather than assigning me a made-up password, how about allowing me to change the password right now?  Certainly WebEx doesn’t expect me to remember this randomly generated password.  If the next reasonable step is to change it, allow me to do that right from this screen rather than require me to search through the WebEx plug-ins or website.
2. The password is so complex, I have to write it down.
3. There’s no indication that I’m able to change it, and quite the contrary – a strongly worded message instructing me to remember it.  I darn well better write it down! (I took a screenshot – it was easier than writing)

I’d prefer not to write it down (I don’t have to write down any other passwords – why start now?).  My first order of business will be to figure out how to change my password.

Before getting started, I’ll quickly peruse the receipt WebEx sent out:

I have a dream… That one day, WebEx will refrain from displaying my password.  At this point, I’m assuming the worst WebEx is doing is storing my password in the clear in their own internal databases, though with their propensity to flaunt my secrets willy-nilly, let’s just assume they have a monthly newsletter containing the passwords for all new accounts, distributed to local newspapers and radio stations.

Well, I’m going to give WebEx a piece of my mind.  By sending a carefully crafted letter to customer service, I hope to achieve real results!

WebEx, digging deep into their bag of tricks, surprises me yet again!

Not only is WebEx putting my password in Christmas cards to all of their customers, they don’t want to hear about what I think of such things.

WebEx, you’ve won.  I’ve given up.  I’m walking away, with my tail between my legs.  I’m quietly changing my password and moving on.

Well, not before WebEx sends me a few parting shots.

Is the password “invalid”?  Or does it not meet WebEx’s security requirements?  More than one “letters”?  More than one “numbers”?  With examples of what letters and numbers are?  The “host name” is an “easy-to-guess characters”?

To be clear, I’m not picking on the individual responsible for this dialog and error message, I’m picking on WebEx for choosing to assign work in a sensitive area (enforcement and communication of password strength requirements) to a non-native speaker.

How about something like this?

Here is a dialog:

• That does the work of both dialogs above.
• Indicates which of the criteria have been met (although I should incorporate display of the company and host names just so you’re sure).
• Allows you to proceed while alerting you to your password strength.

Taking this further:

• Distinguish between “required” and “optional” criteria (perhaps with horizontal rule and some labeling).
• Indicate password strength along a spectrum or use of grading.  “Your password is of MEDIUM strength.”

If your password requirements are too stringent, people have to change the way they work with your system, and that’s never a good thing.

Stepping back, if WebEx were to run a survey on their brand after the first 15 minutes, what do you think the results would be?

• “insecure” – passwords in the clear both in the browser and via email
• “sloppy” – customer service email address incorrect, confusing wording/grammar in the password dialogs
• “annoying” – requiring me to remember difficult passwords, not immediately apparent how to change them, excessive password requirements (if it’s stronger than my bank and doesn’t have my money, it’s excessive)

What baffles me about all of this is that this process is undertaken by all of WebEx’s users.  Anyone hosting a conference signs up for an account like this.  The password requirements are so strict that a majority of them will experience at least one, if not both password error dialogs.

After recently finishing The Designful Company and going through the WebEx provisioning process, you realize that it’s not just the product itself…  We’re a world away from the WebEx conferencing software (which works quite well) though we’re still solidly in the realm of an experience that would benefit greatly from design.

Continue Reading

At a checkup for a small break on my left index finger…

“Is your blood pressure always this low?”

I’m not sure, maybe I have a case of the Spanish Handouts?

Continue Reading