Today, I had the “pleasure” to do some more work related to setting up an ING acocunt ( a bank, if you don’t know what that is). On my to-do list: setting up their app. I suspected it to be pretty easy, taking my experience with another banking app into account.
However, when trying to setup the account I was unpleasantly surprised. Sure, I was asked to provide a bunch of my info which I could just read from my bank card. Numbers are easy, aight?
But they also asked for the password I created earlier, for the online banking part. Being the security minded person I am I let my password application create something secure. Pretty secure, using numbers and letters (both capitalized and uncapitalized), and… well, nearly impossible to remember. I mean, it’s stored in my password management app, it wasn’t meant to be remembered.
No problem, I thought. I copied the password and wanted to paste it… and the field wouldn’t let me.
I’m wondering what the “security” theory behind this is. The field forced my hand and made me write down the password. Whenever I switched apps, the password field was reset. Then I had to retype the password three or four times.
In the end I caught myself thinking “Man, had I known, i’d have used something like bank123 instead.”
Guys, if you’re designing an app, make sure you’re not discouraging users from applying safe practices.