THINK before you demand authentication
December 2nd, 2008
Today I got an email from Buy.com asking me to review a cell phone battery I’d bought.
Happy with the battery, and feeling like procrastinating for a few minutes, I decided to do it.
I clicked on the link in the email. Buy.com immediately asked for my email address and password.
Now, which of my 5 different emails did I use for that purchase? I guessed – wrong, apparently.
So, forget it. I was going to do them a favor, but now I’m not.
Why do I have to authenticate myself to review a product I bought? They know I bought it. They know who I am – they sent me the email. So why ask again for authentication? They should have included a unique ID in the link, allowing me to write one (1) review for that one product.
Either some idiot at Buy.com thinks it’s necessary to re-authenticate me (likely following some corporate rule set down by God) or they’re just too lazy to bother to think about the situation.
This kind of corporate incompetence is all too common.
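The per-purchase review link suggested above can be built as a signed, expiring, single-use token that authorizes exactly one action. This is an added example, not Buy.com's code; the token format, function names and the in-memory `USED` set (standing in for a database table) are assumptions.

```python
import base64, hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: server-side key, never sent to the client
USED = set()                      # assumption: stand-in for a table of redeemed grants

def sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_review_token(customer_id, product_id, ttl=30 * 86400, now=None):
    """Token to embed in the e-mailed link: grants one review of one product."""
    expires = int((now if now is not None else time.time()) + ttl)
    payload = f"review|{customer_id}|{product_id}|{expires}".encode()
    return b64e(payload) + "." + b64e(sign(payload))

def redeem_review_token(token, now=None):
    """Return (customer_id, product_id) if the link is valid, else None."""
    try:
        p64, s64 = token.split(".")
        payload, sig = b64d(p64), b64d(s64)
        # Constant-time comparison; reject before parsing untrusted fields.
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        action, cust, prod, exp = payload.decode().split("|")
        cust, prod, exp = int(cust), int(prod), int(exp)
    except (ValueError, UnicodeDecodeError):
        return None
    now = now if now is not None else time.time()
    # Scope check, expiry check, and one review per (customer, product).
    # Keyed on the grant, not the token string, so re-encoded copies also fail.
    if action != "review" or now > exp or (cust, prod) in USED:
        return None
    USED.add((cust, prod))
    return cust, prod
```

The link is a bearer credential, so its scope is kept to the single review: it never creates a login session or exposes account data.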
February 4th, 2010 at 7:36 pm
Hi, Dave!
My guess: people treat authentication like hygiene; you write your website’s code so that nothing active can be done to the database by a user who isn’t authenticated.
The alternative to having some code that automatically insists no matter what is to leave open the possibility that users make changes because someone writing a particular page forgot or made a typo.
This does fit into the “too lazy to bother to think about the situation” category in a way.
–Steve