Here’s my vote for worst identity management (IdM) implementation: Medicare
I’ve recently moved house and have endeavoured to do as much of my change of address notification online as possible. Medicare offers some online services, but you have to register to do this. Registration isn’t too hard. You already have a unique username – your Medicare number, but to prove your identity they snail-mail you your temporary password to your registered address. Not great if the reason you are registering is to change your address, but I can live with that.
Problem #1: Change Your Password
A few weeks and a mail redirection later and I have my temporary password. I open up the Medicare site and see the following options (this post has lots of pictorial examples – if you are reading this from the email, you’ll have to click into the posting on the website):
I’m thinking “yep, change my password because I certainly don’t want to keep this gobbledygook one they sent me”. But before I know it, Change My Password initiates the whole send-me-a-temporary-password-to-my-previous-address loop and it’s another 2 weeks until I’m ready to do the “right” thing.
Problem #2: 5 Secret Questions
Secret question and answer solutions are pretty common these days, but Medicare has gone for both the excessive and the open-ended. As part of setting up your account, you have to provide 5, yes 5, secret question/answer combos. But wait, there’s more: you have to make up the secret questions as well as the answers. Exhibit A:
Problem #3: Ts&Cs Every Time You Log In
OK, I’ve got my login, and correctly reset my password. Now I get the standard 2 pages of terms and conditions. Only I get this every time I log in. Sigh.
Problem #4: Last Access Info Yet Another Click To My Goal
I scroll though the long Ts and Cs, click OK, only to get another page that tells me my last access dates and times and yet another click to get to the things I actually want to do.
Problem #5: Higher Access to do Basic Things
Finally I’ve logged in and am at the main menu. I want to change my address. But those options are not links. To do that I have to gain higher access. What the?
Clicking on Higher Access Level take you to another screen, where you have to answer 2 of your 5 secret questions:
Then finally you have to enter your current address as further authentication:
Wonder what their take-up is for online services??
