Posts

space

BMO is a little “spaced out” with their error messages

I was attempting to send a money transfer to a friend of mine.

If you’ve ever sent an Interac e-transfer, you’ll know that you need to create a question/answer combo. I decided to use something that Chris and I enjoyed on one of our road trips – deep fried cheese curds from the Blue Door Pub in St. Paul, MN.

When you start typing in your secret answer, the form does some inline validation.

It says “the security response must contain at least three numbers and/or letters.”

BMO's Interact transfer security question and answer fields

Last time I checked, “deep fried” contains at least three numbers and/or letters.

What they actually mean is that you can’t use any special characters at all (well, except for a hyphen, which I just discovered through trial and error).

That’s a bad error message!

march-madness

March Madness… About ESPN’s Password Field

So I was registering to do my March Madness bracket on ESPN (not that I know anything about college basketball – I just randomly picked teams), and it asked me for a password.

Now, the good side of this is that it did inline validation to make sure I was entering valid data.

The bad side is that I got this:

march-madness-espn-password-field

At first glance everything appears ok – there’s a nice little green checkmark. But if you look more closely, it also says “Password Strength: Bad”.

Well which is it, good or bad? They should probably show some sort of password strength meter as long as the password is valid and present errors in a completely separate way – for example, highlighting the field with an error message.

restrictions

Don’t Waste My Time With Specific Formats If You Don’t Need Them

Servers were born to take data in and process it. So requiring the person filling out your form to do the hard work of putting data into the right format is just mean.

This form specifies formats for both the postal code (e.g., G1H 5G6) and the phone number (e.g., 418 877-9286).

This form "requires" data in specific formats (but doesn't actually).

In an attempt to be ornery, I entered data in incorrect formats:

  • Postal code: G1H5G6 (no space)
  • Phone number: 4188779286 (no space or hyphen)

Lo and behold, the form accepted it. Obviously they don’t need data in a specific format, so why ask for it?

push-button-receive-bacon2

Instructions Should Be Written Where I Will See Them

I mentioned a few days ago (This Field is Really Really Required) that you don’t need to mark every required field if they make up the majority of the fields.

However, that doesn’t mean that you shouldn’t point out that all of the fields are required.

This form for a contest for some Quebec hotel does include an instruction that “you must fill in all of the boxes before the form can be sent,” (“all fields required” would be easier…), but they don’t show that instruction until you’re two thirds of the way through the form.

I'm not sure if all of the fields are required or not.

Add to that the potential confusion with the email invitations below – are they also required?

For kicks, I submitted the form without my address filled in (green box in the image above), and I left the email invitations blank too.

Boom. Pop up error message.

Error messages in pop ups are bad. Don't do this. Ever.

Pop ups are bad. Not just because they’re a PITA, but because the form filler-outerer then has to remember what the errors were when they close the pop up.

Side note: I remember being told a story about Vietnamese helicopters (or helicopters during the Vietnam War or something like that) that had emergency instructions printed on the inside of the door. If the pilots needed to eject, the instructions told them what to do. The first step was “Remove door and discard”… well of course once you do that you no longer have the instructions… you get my drift, and if you know the actual story please let me know.

Anyway, I have to remember that my address is missing, and they don’t highlight the field where the error occurred.

And apparently the email invites aren’t required.

My point here is that they should have put the original “all fields required” instruction at the top of the form so that it fell in my visual path, and they should mark the email invites as optional.

network-marketing-validation

If You Must Validate On Submit, At Least Validate Everything

Inline validation is the way to go – checking data as it is entered to ensure that it’s accurate. There are lots of fancy ways you can do this now with Ajax, jQuery, form building tools (Wufoo, JotForm) and so on.

But some (most, really) people still have old servers or old technology or something that means they can’t validate data until a form is submitted. Fine, I get it.

But for pete’s sake, at least validate all of the data at the same time!

In the form below from an H&M contest, I left out my email address and screwed up the CATPCHA. I’ve outlined both in green boxes.

Yet, the form only complains about the email address being missing (also note that it doesn’t highlight the field where the error occurred).

H&M doesn't validate all fields when a form is submitted.

So I added in my email address and submitted the form again.

Now it complains about the CAPTCHA. The error message says “Incorrect captcha value entered.” Will Joe Formfiller know what a CAPTCHA is? Questionable. And, of course, because they don’t highlight where the error occurred, someone who doesn’t know what a CAPTCHA is will have even more difficulty figuring out what went wrong.

H&M doesn't provide very helpful error messages.

RESET-PASSWORD2

Microsoft Outlook Web Access – Password Reset Form

When I’m expected to change my password every 6 weeks, I want it to be as painless as possible (because let’s face it, my brain power is busy being devoted to having to remember a new password).

It seems harmless to begin with, looking every bit like your standard password reset form*.

Microsoft Web Access Password Reset Form

But then you get to the two buttons. “Change Password” or “Continue”. In my confusion, I just hit the “Enter” key, which thankfully activates whichever button is supposed to be pressed.

Microsoft Outlook Web Access Password Reset Form - Two Confusing Calls to Action

Apparently I did something wrong, because I got this error message: “The credentials entered are not valid. Verify that the password entered for the old password is valid, and try again.”

Microsoft Outlook Web Access Password Reset Form - Confusing Error Message

I thought to myself, “that’s weird, I’m sure I typed in my old password correctly.” I pressed the “Continue” button, went back to the form, typed my old password out in plain text in my browser location bar, copied and pasted it into the password reset form, typed in my new password, hit “Enter” (since I still wasn’t sure which button to press), and… ended up back at this error message again.

After trying a couple more times, it occurred to me that maybe the issue wasn’t with my old password, but rather with my new one. It was a password that I had previously used, and I was hoping to reuse it to control the exponential growth of passwords I have to remember. So I tried a more different password (if you don’t get the pop culture reference there, watch this: Trogdor), and lo and behold it worked.

So when they say “there’s something wrong with your old password,” what they really mean is “there’s something wrong with your new password.”

That makes sense. Bad form, Microsoft, bad form.

Footnote

*I understand why you have to enter your old password first (in case you’ve left your account open on a computer and some nefarious person comes along and decides to not only play around in your account but also reset your password so you can’t access it), but in the case of MS Web Access, one of the ways to change your password is to check off the “I want to change my password” box as you’re logging in. It takes you right to the change form above. I would think that in a situation like that, you could omit the “old password” field.

Although now having reflected upon it further, I suppose it’s a safeguard against people who have passwords autofilled… the same nefarious person could autofill your password to get in to your account, but they would still be unable to reset your password. I guess that makes it ok.