Tue, 28 Nov 06

Amazing non-customer service

I heard (well, read) about wesabe this morning and thought I’d sign-up to find out what it was all about. During the sign-up process I was asked for two security questions and answers – to be used in the event of me forgetting my password. Although I was unable1 to sign-up and use the service, I still got an amazing ‘non-customer experience’. I was curious as to why they wanted me to answer two security questions in order to sign-up, and emailed them to that affect.

I was about to signup to wesabe but I’ve been rejected by not entering my security questions. I’m genuinely interested in your decision to require two security questions as well as an email address. I get the impression that the current trend is to ask for an email address and provide a ‘reset password’ type link that mails out a new password – maybe you are more aware of this due to the type of data being stored?

That was sent at 08:14. This reply was received at 08:19.

Yes, your guess is spot on. During our preview/beta period, one of the most common requests we had was for password resets. It was easy enough to verify the source of those requests when we knew all of our users, but as the preview group grew, we weren’t able to confirm that we were actually resetting a password for the right person. When we talked it over, we decided to use the model set by PayPal, since that seemed like the closest analog to our service in web applications. Using a combination of security questions and access to a set email address provides two levels of authentication, and that’s what we wanted.

I really want signup to be easier and faster, and yet still have people be able to get back to their data – and only their data – whenever they want. I’m not happy with the length of the signup form, but it seems better than other options I’ve found so far.

If you have suggestions or comments on this, I’d be very interested.

Whoah. That’s pretty cool. Right!? I’ve actually had a very similar experience with claimid. I asked them to change my username and the response confirming their action was through within ten minutes.

In a “we wanna be that cool too” stylee, I’m opening myself up to spam galore2 by offering my email address for your delectation:

chrisroos@reevoo.com

Feel free to email me, why not.

1 There’s a little white lie there to be fair. Of course I could’ve signed up. They didn’t put a spell on me (although that’d be cool) or anything. It’s just that I feel uncomfortable giving out the answers to real questions (mother’s maiden name) and there’s zero chance of me remembering the answer to made up questions (favourite colour/day/smell).

2 I was going to cleverly protect my email addresses from prying robot eyes… but really can’t be bothered.