So, as I sit here chatting with an Obamacare agent through this horrendous homegrown livechat window. I’m livid.
I’ll tell you why I’m livid. It’s not because the site is experiencing load levels that their infrastructure can’t handle. It’s not b/c this chat window is hard to read and that the chat agent gives me canned replies and blames it on traffic levels. No, it’s none of that actually. In fact, I can deal with that, I develop software and actually understand how some of the scaleability issues may have been underestimated and difficult to address at such short notice. Nope, that’s not it.
It’s the fact that the basic login system is the worst I’ve ever used. Well, maybe not the worst, but certainly the worst I can recall in recent memory. That’s saying a lot too. I’ve used a lot of sites! So, you’re probably wondering.. Well Jacob, what makes it so bad? Glad you asked!
Firstly, in order to create a username, this is what’s required…
The username is case sensitive. Choose a username that is 6-74 characters long and must contain a lowercase or capital letter, a number, or one of these symbols _.@/-
Wait, what?! A case-sensitive username? Really? Oh, I get it… we’re being more secure! Genius! Now, no one will remember their username, perfect!
Next up, passwords. Now, this actually isn’t a huge concern, I’m all for forcing some requirements in passwords used. This is mainly b/c users, for the most part, are rather stupid, and will use some really bad passwords if you allow them. And, I’m sure, on a site like healthcare.gov, some really really bad ones. But, what really got me about the passwords, was it’s description…
Your password must contain 8-20 characters. There must be at least 1 upper case letter, 1 lower case letter, and 1 number. It must be different from your last 6 passwords. It can’t contain your username or any of these characters = ?<> ( ) ‘ ” / \ &
What, what?! My last 6 passwords? How do you know what my last 6 passwords were? Is this suppose to be some sort of security feature? Sure, I realize that PCI-DSS compliance requires passwords be changed every 90 days. I’m not really sure that level of security is needed here, I certainly don’t want it or care for it. But, let’s just assume it is needed. Why are you storing my last 6(+) passwords? I’m assuming it’s b/c you want to ensure that it’s changed and isn’t accessible for a longer period of time. That’s all well and good, but you now have a database of extensive passwords on hand. That doesn’t make me feel good!
So, anyway, after you’re able to actually create some credentials that will get you through the account creation process. You’ll get an email confirmation. No problem, click the link, account verified, then wait ~90 seconds… for something… (database replication?) before you’re able to login. Great, whatever, I can deal with that.
Whew! I’m now at the login page, finally. So, I plug in my login credentials and click to login. Failed.. That sucks, maybe I already forgot my login credentials. After all, that username is certainly not one I’ve ever used before, or again for that matter! Maybe I’ll request that I’ve “Forgot my Username”. Giving that a try, it’s unable to locate my “Marketplace Profile”. Great!
How about “Forgot my Password”, maybe that’ll do it. So, I punch in my details and success, I get an email with a link to reset my password. I’m now one step closer to affordable health insurance! Or so I thought… The link takes me to a page where it’s unable to locate my “Marketplace Profile”. Now, how is it that you’re unable to locate my profile, but you could locate it to send me a password reset link? How does that work exactly?
So, here I am, unable to login to healthcare.gov in order to get my affordable health insurance I was promised, typing up a post, livid that our gov’t can waste money handing out contracts to people that clearly shouldn’t be developing applications of this scale. I think what bothers me the most, is the fact that I know this contract was handed to someone who’s a friend of a friend of a supporter…
Giving it another go, maybe they’re db is sharded off to unavailable or delayed replication nodes, who knows. I type in my credentials once again. After all, Mariana on livechat said to try later, they’re having issues with traffic. So, I plug away for the umpteenth time, and… success! It looks like it’s going through…
Ya know what… f’it!