Monday, March 1, 2010

FasTrak... an example of over-the-top login protocols

The other day I went to log in to my FasTrak account online. I was amazed at how unfriendly their approach to the simple act of logging in was. It reminded me of how something that should be very standard has taken on a life of its own, and God bless them, but developers and bureaucrats left to their own devices will get this wrong more often than not.

Instead of a simple username/password, with perhaps some underlying risk-based analysis and, if the login looks suspicious, an additional authentication step, they first make you select one of three different username schemes that you have set up (as if you are going to remember which one you chose). Once you work through that, they make you pick a 6+ character password with not only a mix of letters and numbers but at least one capital letter (as if you are going to remember). Then, the icing on the cake: they force you to enter a CAPTCHA on every login.

Now, if I were logging in to NORAD, this approach might be remotely reasonable, but FasTrak?

