I read this article a few days ago and felt the need to throw it up onto Google+. Unfortunately, in the process of sharing it I got a bit ranty and ended up with a rather long post so have decided to reproduce that content here.
I’d apologise in advance about the strong language in this article but a) I have a different view on the offensiveness of that word and b) the author is Australian.
Anyway, worth a read as another interesting case with Google and the Names Policy. This situation worries me (translated as “pisses me off”) on two fronts.
The first, and greatest, concern has been the Google approach to suspensions and appeals. Maybe this has always been the case and I’ve just noticed it more with Google+, but they seem very quick off the mark to suspend accounts with no warning. The follow up appeals then seem to be dismissed off-hand with a stock reply, even when the facts of the matter are quite clearly in the favour of a user. Now, this is not a problem unique to Google – customer services the world over have adopted this model of brainless reaction and it causes no end of customer dissatisfaction. I’ve recently had a run-in with a company who I will be reporting to the ICO partly because they responded with a stock response that was clearly not relevant to the original query, but that’s a story for another time.
Anyway, I expect better from Google. Some will defend this by saying that these are free services, but that doesn’t work. The threat of suspension claims to affect multiple Google services, including Picasa. I pay for increased storage so that I can throw more things into Picasa, so a suspension would indeed impact a paid for service. Bear in mind that we’ve seen suspensions of accounts that are NOT in violation of the terms of service, but have clearly suffered from the ignorance of those implementing the policy. Google needs to jump on this customer service issue quickly – warnings and a more detailed appeal process are the minimum requirements here.
My second concern is a more general one, and touched upon briefly by Stilgherrian in his post – I am always disappointed when developers implement validation / limited options for personal identification based on their own very limited world experiences. In Stilgherrian’s case this has come in the form of Google expecting all names to be of the minimum form FirstName LastName. My personal experience of encountering this massive pain is when I am given a limited set of options for password recovery questions.
I have a pension with Standard Life, and a few months back I was unable to log into their website. Was this down to a technical fault? No, this was down to their fuckwittery. They had recently implemented a need to have password recovery questions, so upon logging in you would be presented with a choice of say 15 from which you had to select 5. It was impossible to continue without selecting these questions. Now, ignoring the general flaws that come with these sorts of questions when they offer such obvious social engineering solutions, we would expect that they are offered such that the user can remember them without having to write down an answer somewhere. They are a fact of identity that you should always be able to recall, right?
Wrong. I was presented with a selection of questions where I could at most guarantee an answer to 2. From 15. The rest were either not applicable to the way I was brought up, or so obscure that it would take me as long to find the answer as any external party! I by no means have had an unusual upbringing, but as an army brat I spent a lot of my youth shifting around the world. That’s not a problem unique to children of those in the services. Unfortunately, this means I didn’t fit into Standard Life’s world view. As far as I could tell, they expect everyone to have grown up in once place, know all of their family, have vivid memories of the street they first lived in and, by golly, you better have had a house that had a number rather than a name otherwise you’ll be in trouble.
Some might say that you could just find a question that’s close enough to something you could answer, but are you really going to remember that 5 months down the line when it’s needed? Or maybe you could write it do …. no, wait, that’s just dumb. So please, if you have to implement such a system in anything you build, spare a thought for the poor bastards who have to use it and, above all, do some real testing. With real users. Find your most exotic friend to run it by. Even better, run it by a cynic. They will point out what could go wrong with your system – it may be an extreme view, but why not be prepared? You can and you should.