Password complexity
It’s that time of year again and I’m on the hunt for a good car insurance deal. Not wanting to repeatedly add my details into a dozen or so sites I thought I’d make use of one of the many comparison sites to do the leg-work for me. All good so far, until I had to create a password to go with my personal information. Now most sites stipulate a pasword between say 6 and 12 characters, sometimes requiring letters and numbers if they’re being concious about security. Not so insuresupermarket.com. No, they require exactly 8 characters, letters and numbers, and no characters to recurr more than twice. I have to say I was hard-pressed to come up with a password that I’d remember which matched these tight requirements. This coming at the end of a long form-filling exercise is not the best way to garner repeat customers.
Ironically I now can’t find anywhere on their site to retrieve a saved quote.
Not only that but their form validation only validates one field at a time, meaning that if you miss a couple of required fields you can end up having to resubmit the same form several times.
Thank goodness this is a once-per-year event.
Posted: Tue 14 Nov 2006
Comments
-
Andy Haigh said:
Adam, I agree with your concern over the password complexity that we use on our Motor Insurance site. In fact we have recently being making changes to improve this and this will be going live very soon now. However, let me explain why we have such tight constraints on our password and what it is used for:
We use the password that the user enters for 2 reasons:
•for the user to retrieve their saved quote from some of the insurers sites
•we also email you a link to our results quote page and the password is used by the user to access thisThe issue that we face as an aggregator, is that the insurers use a range of constraints on their password validation. This means that the password our user selects needs to meet the password constraints of ALL the insurers where we pass through the password from our site to the insurers sites. It would be much nicer if the insurers used a common set of validation rules.
If you would like to discuss this further, please don’t hesitate to contact me (see below).
Andy
Andy Haigh
Insuresupermarket Product ManagerMoneysupermarket.com Financial Group Ltd
Moneysupermarket House
St. Davids Park
Ewloe
Flintshire
CH5 3UZ
Tel: +44 (0)1244 665740 (DDI)02:20 PM on 15 Nov 2006
-
Adam said:
Hi Andy, thanks for dropping in and explaining the issues behind the form. I look forward to seeing the improvements you’re making.
You might also want to take a look at the code that makes your advert pop-ups work fine, but the pop-up which is meant to inform me about your privacy policy before giving you my email address delivers nothing but a blank window (using Safari - I didn’t fancy going through the whole form again in other browsers just to test it out).
It is a great service, it’s just a pity the design of the form - the principle user exerience on the site - lets it down so much.10:09 PM on 15 Nov 2006
-
Andy Haigh said:
Adam
The improvements to the password question went live yesterday. We now just use the password so that the user can retrieve their emailed results.
I’ll get one of my team to look at the blank pop up problem.
FYI, we are spending a lot of time and effort improving the user experience of the site. We are currently revamping the results page and the details page. We also have a project started to allow the user to login to the site and save/restore results and quote profiles but that will take a little longer.
Andy
04:03 PM on 17 Nov 2006
-
Graham Bartlett said:
Well bugger me backwards with a bargepole if I didn’t have my random once-yearly look on Friends Reunited, think “hey, Chris isn’t on there, I bet he’s googlable with that name”, and Google popped up the both of you on here! How’s things?
Graham.
PS. In case this doesn’t give you it, my email is .
11:17 PM on 27 Nov 2006
Comments are turned off for this post.