By Chris Cardinal
On February 26th, 2009
I finally bought a Barnes & Noble membership today. Despite almost always buying my books on the Amazon, (a site I much prefer referring to with the definite article “the” intact because it sounds cooler), I occasionally will pick one up from B&N if I really want a book that. day. I was buying $55 or so in books, with one being a bestseller which means 40% off, so I was looking at just over $10 off with a membership. $15 for a membership, sure, whatever.
In trying to link my new account from the store with an online account, it prompts for a security question. I select “mother’s middle name” since things like “what’s your favorite restaurant?” are ridiculously inane as I’ll almost *certainly* forget what I entered, which will promptly be followed by feelings of wanting to stab someone. And then I enter ma’s middle name: marie. Nevermind that the security answer is CaSe SeNsItIvE, (because, clearly, I should also be forced to remember if I proper-cased my answer) it goes ahead and tells me:
Great. Now Barnes & Noble is calling me a liar AND insulting my mother. Swimming performance there, kids. [Really, the error message reads as follows: Your Security Answer is not formatted properly. A Security Answer must be 6–15 characters long, spaces allowed. Remember that Security Answers are case sensitive (i.e., "Dickens" is not the same as "dickens").]
The moral of the story? Don’t enforce ridiculous limitations on a security question if the user’s correct answer might violate those limitations. And don’t insult your customer’s mothers. (CrunchGear blogged about this too, some two weeks ago.)