I’m a regular customer of Staples, web-based and brick-and-mortar. I’m attempting to reset my online password. This function failed the “that was easy” motto. Forgive my crankiness, but I design and develop web pages for a living and I expect better from a world-class organization like Staples. In accordance with good security practices, I’m using a password consisting of upper- and lower-case alphabetic, numeric and punctuation characters. I am not trying anything tricky like Alt+numeric-keypad characters. I’m using a en-us keyboard layout. Here are the problems with the message I’m getting:
1. “Sorry, but an error has been made.” is atrociously passive grammar. And who has made an error? The operator, the web site?
2. “The information you entered contains invalid characters.” Which ones? The email address or the password fields? The “5″ the “@” the hyphen or the “e” ?
3. “Please try again” How many times should I try again, and what is it that I should try differently?
4. If you have a password policy (like “no punctuation”), you need to tell the person typing it in.
5. If an operator can type it in from the keyboard, it _is_ a valid character. You need to be liberal in what you accept.
Staples, you lost a sale today, and you’ve lost my trust that you know how to run a secure website.