The Surprising Diversity of Password Retrieval

In the last weeks of my pregnancy the “nesting” instinct kicked in. Since I was no longer working, I had the time to do important chores, such as trying out all the pens in our household to get rid of the ones that were empty. Once I was done with the physical world, I went for the virtual one. I uninstalled unused programs, deleted duplicated folders and my final gargantuan task, was to clean up my online presence.

I knew there was an obscene number of accounts I owned that I would never use again. This was due to the facts that I have lived in different countries, that my interests over the years have changed and that when I was younger I wouldn’t give it a second thought registering to any website. For many of these accounts I had no clue what my password was, so I had to go through the “Forgot your password?” process multiple times.

I have tested this action various times at work, so I thought I knew well what to expect. To my surprise, I encountered an abundance of different implementations varying from air tight secure ones to having the password sent in plain text to my email account. After going through the process at least a couple dozens of times I’ve noted down some factors that seemed to affect the diverse implementations.

Site’s inertia

There still exist sites that have not changed much over the last years. They have a fixed set of features loved by their customers, old and new, who are probably constantly logged in. Those sites had the tendency to have a process with whatever good practices were available at the time of implementation but never revisited since.

Size of the enterprise

Sites belonging to bigger organizations had the process generally in pretty good shape, since mishandling could lead to bad publicity or even lawsuits.

Site’s target audience

Sites that were addressed to technically savvy people seemed to handle the process better than the ones aiming at non IT-related industries.

Site’s location

The origin of the website also affected the implementation of the process. There were some German sites had me jumping through hoops to retrieve my password, including having it sent to me by post (the retro one, with the envelope).

In this competitive market, we always strive to release new features to make our software more appealing and useful to our users. But do we ever take the time to review if what we already have is in a state of the art condition? Should we have an active process of reviewing existing functionality? Or maybe act on demand, triggered by the feedback of our customers?

My impression is that revisiting existing and familiar functionality is a good exercise which can advance knowledge transfer and lead to better, up-to-date, code. The challenge is to find the time to do it in our day-to-day work, rather than wait for the slack of a parental leave.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s