I pay my bills on the same Saturday of every month, and every month sees the same routine: a frustrating experience with one (or all) of the websites that espouse “easy online payments,” only to wind up calling the company and paying by phone. While I appreciate any business that wants to keep my confidential information secure, requiring an increasingly convoluted combination of letters, numbers and special characters only ensures that I will find it necessary to write my password down somewhere and undermine the very security they hope to impose.
I have a technical background, and I know I’m not the only one who suffers this grind month after month. It’s time that bill payment systems see a user-experience overhaul, and I’ve got a few ideas:
Adopt a pay-by-phone-like process
While navigating a phone tree does come with its own set of frustrations, I find the process much easier to deal with. For starters, when I pay by phone I usually need only three identifying pieces of information:
- my account number
- my zip code
- and sometimes the last four digits of my Social Security number
No passwords or security questions, and with good reason: the automated phone system doesn’t allow me to do anything but pay my bill!
Take, for example, the sign-in page for Comcast. Along with fields for a username and password, I’m presented with this:
Comcast offers some great features, and if I’m going to use them at all then I expect to have to sign in first. But none of these things has anything to do with paying my bill, and they shouldn’t get in the way of my ability to do so.
Let me use my email address as my username
If a company must put their bill-pay feature behind authentication, then making password recovery as painless as possible should be a priority. If I’m only going to use the site once per month, then it’s reasonable to expect that I won’t remember the credentials I signed up with.
Companies can save their customers a lot of frustration by just allowing them to use an email address as their username. Every customer already has a unique one, they’re incredibly easy to remember, and if a customer forgets their password then a reset link can be sent directly to that email address.
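The reset-link flow the paragraph describes has a few details that decide whether it is safe: the token must be unguessable, time-limited and single-use, and the server should store only a hash of it so a leaked table does not hand out working links. The following is an added example, not code from the original post or from any company it mentions; the in-memory `USERS` and `RESET_TOKENS` dictionaries and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for a customer database; these are
# assumptions made for the example, not any real bill-pay system's schema.
USERS = {"alice@example.com": {"salt": None, "password_hash": None}}
RESET_TOKENS = {}  # sha256(token) -> (email, expiry timestamp)
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of an emailed reset link


def normalize_email(email):
    """Trim and lower-case so 'Alice@Example.com ' matches the stored username."""
    return email.strip().lower()


def hash_password(password, salt=None):
    """Salted PBKDF2 for password storage; returns (salt, digest)."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def issue_reset_token(email, now=None):
    """Start a reset for the given email address.

    Returns the raw token to embed in the emailed link, or None when the
    address is unknown. Only the token's hash is stored, so a copy of the
    table does not give an attacker usable reset links.
    """
    now = time.time() if now is None else now
    email = normalize_email(email)
    if email not in USERS:
        return None  # the HTTP response should look the same in both cases
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (email, now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(token, new_password, now=None):
    """Set a new password if the token is known, unexpired and unused."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False  # unknown, or already used (pop removed it on first use)
    email, expiry = entry
    if now > expiry:
        return False
    salt, digest = hash_password(new_password)
    USERS[email].update(salt=salt, password_hash=digest)
    return True


def check_password(email, password):
    """Login check against the stored salted hash, compared in constant time."""
    user = USERS.get(normalize_email(email))
    if user is None or user["salt"] is None:
        return False
    _, digest = hash_password(password, user["salt"])
    return hmac.compare_digest(digest, user["password_hash"])
```

The address is normalized before lookup so a customer who signed up as `Alice@Example.com` is not told the account does not exist, and the unknown-address branch returns the same visible result as the known one so the reset form cannot be used to enumerate customers.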
Let me decide how secure my password will be
I’ll admit it. I use the same password for everything, with slight variations for sites I’d prefer to be a bit more secure. Nothing frustrates me more than when a company tries to impose a set of arcane rules upon my password-creation process. Those rules only serve to ensure that I will forget my password the next time I try to log in. Keep it simple and let your customers use their own judgment.
Security questions based on facts, not opinions
Forming a set of security questions has become a pretty common practice for password recovery. I tend to like the ones that have a preformed list of questions from which to choose, but the quality of these questions is often, well… questionable. My favorite band changes weekly, as does my favorite color and even the memory of which of my many childhood pets was the first. None of these are “facts” in the sense of immutable identifying information that can be readily recalled.
Now I understand that forming security questions and keeping the answers on file can be tricky business. Customers get leery when asked for their mother’s maiden name, or any other information that might be used to identify them on a federal form. But the high school I graduated from, the degree I earned, and the color of my first bike are objective facts and impossible to change.
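Keeping the answers on file is the part a practitioner would want handled carefully: the answer should be normalized (so “Roosevelt High School” and “roosevelt high-school” count as the same fact) and then stored only as a salted, slow hash, never as plaintext. This is an added example, not code from the original post; the normalization rules and the PBKDF2 parameters are choices made for illustration.

```python
import hashlib
import hmac
import secrets
import unicodedata

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune to the server's budget


def normalize_answer(answer):
    """Reduce an answer to a canonical form before hashing.

    Case-folds, strips accents, replaces punctuation with spaces and collapses
    whitespace, so "Roosevelt High School" and " roosevelt  high-school " match.
    """
    text = unicodedata.normalize("NFKD", answer)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = "".join(c if c.isalnum() or c.isspace() else " " for c in text.casefold())
    return " ".join(text.split())


def enroll_answer(answer):
    """Return (salt, digest) to store instead of the plaintext answer."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize_answer(answer).encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_answer(candidate, salt, digest):
    """Hash the normalized candidate the same way and compare in constant time."""
    probe = hashlib.pbkdf2_hmac("sha256", normalize_answer(candidate).encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(probe, digest)
```

The same normalization must run at enrollment and at verification, or a customer who typed a trailing space when signing up will never get back in. Because answers like a school name or a bike color have far less entropy than a password, the slow hash and a per-account attempt limit are what make guessing expensive; hashing alone does not.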
Making online payments can be a wonderful thing for both customers and the companies they’re paying, but, as with everything interactive on the web, user experience should always be of paramount concern.