Mixed error messagesOctober 11, 2013
Why is it that here we are in 2013 and STILL website error messages are confusing and often contradictory?
I needed to create an account with one of the Australian federal government agencies (yes, ASIC, I’m talking about you!). Easy enough — just my name, email address, phone number, and a password. Not so…
I entered an 8-character password (with numbers and letters), then got this (click the image to see it all [aside: spot the spelling error]):
Hmmm… I tried again, this time adding two numbers to the end of my existing (so now it was a 10-character password with six lower case letters followed by 4 numbers). As far as I could understand that error message, my password met the requirements.
So I clicked Submit again, and this time I got this:
The problem with this second error message was that there was NO ‘entry above’ — it was totally meaningless.
I tried a couple more combinations, still using 10 characters, but converting some lower case letters to upper case ones. Still the site wouldn’t accept my password and I kept getting this second message. I must have tried about five different combinations and was ready to give up… But I’m nothing if not persistent when it comes to technology and especially bad user experience on websites ;-) (It’s all fodder for blog posts like this!)
My final foray before giving up and walking away in frustration was to hover over the question mark next to the password field. I got this tip:
Note that the wording is different to that displayed in the first error message. This time it says that my password MUST contain AT LEAST three lower and upper case letters and three numbers, though it wasn’t clear about whether special characters were required. The first message said OR implying any combination, whereas this one says AND.
I tried more variations on my 10-characters, but still couldn’t get in. Then I had a brainwave — maybe I should try only nine characters and make sure that I had three lower case letters, followed by three upper case letters, followed by three numbers. And guess what? That worked!
So it looks like this password check was quite specific, but the error message and tooltips didn’t tell the whole story. ‘Minimum nine characters’ actually meant ONLY nine characters, and ‘contain at least three’ meant three in ORDER.
No wonder people walk away when online registration forms like this are so hard to use!
(One final thing… the requirement to NOT use two or more consecutive letters from your username [which must be your email address on this form], first, or last name seems particularly onerous. And the requirement in the first error message to not use one of your previous EIGHT passwords seems particularly onerous too. Not that that was relevant to me — I had enough trouble entering my first password ;-) )