Password policies: Who are they for?
The registration process was going smoothly. I just had to enter a password and I would be able to download my last superannuation statement. I entered the same combination of letters and numbers that I always use for my passwords and hit ‘Submit’. Suddenly, red text flashed up and informed me this password was invalid as I needed to include a symbol. Was I meant to be psychic? With a twinge of annoyance, I added a symbol and again clicked ‘Submit’. No luck. This time it told me I had to include two symbols. With gritted teeth, I persevered. After three more attempts, I ended up with a password that vaguely resembled “saRA80#!”.
Although I had no hope of remembering this password, I didn’t bother writing it down because I had already decided, out of sheer annoyance, never to use this online process again. Why was my generic password sufficient for online banking but not for this relatively risk-free task? And come to think of it, why should they get to dictate how strong my password should be? As a customer, this should be my prerogative!
Requiring complex password policies not only frustrates customers; it also results in higher costs for organisations. Customers will generally either stop using the online process and revert to more costly customer service channels (increasing call centre demand with a multitude of forgotten-password requests) or write the password down, defeating the purpose of this security measure altogether.
When security policies have such a negative impact on usability, it’s time to rethink priorities. What’s more important to your customers: an impenetrable password or easy access? Incorporate this into your research to find out, or let the user decide for themselves.