In case you missed it, I was in the lead of an article on the first page of the business section in The Washington Post this past Saturday: Access Denied by Yuki Noguchi.
Between work and personal e-mail, multiple banking and retirement accounts, two association memberships, photo sites, Web communities, and retailers like Amazon.com and eBay.com, C. David Gammel maintains 130 online accounts, each requiring a user name and password.
Gammel tracks his sundry log-in information in a file on his computer, but on at least two occasions he’s confused or mistyped his password, and been locked out of his SunTrust bank accounts, forcing him to call the bank or look for an open branch to regain access.
“It’s frustrating — if understandable,” said Gammel, a consultant in Silver Spring. He has also been denied access on a news site when he couldn’t remember his log-in information, he said. “I bail on them if I’m having a difficult time,” he said.
I actually keep most 0f those logins stored in my browser and only those for non-sensitive sites. I provided some tips on better managing logins and balancing security with ease of use but that didn’t make it into the piece.
The article is a good lesson for site developers to keep in mind: the plethora of usernames and passwords that people have to manage these days is a real burden and a barrier to using sites in many cases. You have to balance your security measures with the sensitivity of the data you are storing and the value of your service to your customers. It is also critical to unify your own login system so that ONE username/password pair can be used to access all services related to your company.