Password Adventures

More than a year ago, when I had my employment benefits with BAE Systems, I called my benefits center with a general question. The customer service representative refused to answer until I gave her my password. I didn’t have a password, so she told me that they would mail my new password to me.

But I needed an answer, so I tried the website, only to be informed that my new password is in the mail and I should wait for its arrival.

In a week, a letter with a password arrived and I called the benefits center again. I happily told them my new password and opened my mouth to ask my question. However, they didn’t accept my password. Obviously, they had changed my password twice, first when I called and then again when I tried their website. Since only ten minutes passed between these two events, both passwords should have arrived on the same day. But that didn’t happen. So my valid password was still in the mail.

In the second it took me to recover from this news, the customer representative told me that they would be sending me a new password and hung up before I could tell her not to.

A new password arrived the next day. I knew that they had already reset that password, and that I’d have to wait a week for the third password to arrive.

I was tempted to call them again and try to create an infinite password resetting loop, but I actually needed to ask my question. So I threw away my freshly arrived, but no-longer-valid password and waited for a week for the next one.

I was lucky to figure it out so quickly, for otherwise my problem could have spiraled out forever. As a professional specifications writer, here are my suggestions to all benefits centers that have that kind of software on what they should do:

  • Don’t send an extra password if a password was sent not long ago, for example, in the last two days.
  • If two passwords are mailed to a client in the same week, make both of them valid.
  • Use email rather than mail.
  • Don’t request passwords for general questions.

I had to wait two weeks to ask a simple question. Now I am writing and complaining about it in the hopes that someone who can fix the problem will read this. Maybe it would have been more productive to write a program that clicks on the “I forgot my password” button every second. This would have daily generated thousands of letters with new passwords to me. Maybe then this problem would have drawn attention sooner.


Leave a comment