Search this site:


Categories:

November 25, 2006 12:03 AM

Broken: Michigan State University Federal Credit Union online security option

TrulyuDavid Mulder writes:

I saw this message when I logged into my Michigan State University Federal Credit Union online account:

MSUFCU announces TrulyU, a new ComputerLine security feature. TrulyU adds another layer of protection to your account. Due to the high number of ComputerLine users, a limited number of randomly-selected accounts will be set for enrollment each day beginning on October 18.

Great! A new security feature to make my online account safer.

Too bad I have to be randomly selected before being able to activate it.

Why didn't they just introduce the option to me if I was randomly selected for the option. Otherwise, don't notify me about the option unless it is currently availble to me!

Comments:

This kind of design failure is rather common. Not that it's not broken, it's just old.

FIRST!

Posted by: Gabriel J. Smolnycki at November 25, 2006 07:25 AM

As a software engineer...

The randomly-selected bit is actually a good thing. It's a limited roll-out of the feature. They apply it to some subset of accounts as the new feature is introduced to see if there are problems, or to balance the load as the systems switch-over, or to just have a balanced, steady stream of new enrolments. It's much better than letting everyone switch at once. If there was a bug, it only affects a few people who can be switched back to the old system, or new enrolments can be stopped as it's fixed. Limited roll-outs are nicer than switching everyone at once to discover that there is some critical flaw that brings the system down for everyone.

The notifying you about the new system is just good communication. If you log in one day and see a new system, but your wife still sees the old one (or vice-versa), one of you might think that you were victim to a fishing attack, or wonder why one of you got different treatment, or whatever, then they start getting phone calls -- all which could have been avoided by putting a little blurb on the login screen. Undoubtedly, someone would claim that it was broken since they weren't being told what was going on and why some accounts were treated differently.

Posted by: J H at November 25, 2006 04:00 PM

This is a common problem, maybe it should be called the "press release effect":

The designers and/or the company rolling out the new feature think that it's so fantastic, that obviously ALL of their users/customers need to know about it ASAP, whether or not they can (or ever will) use it.

But in reality, the vast majority of users don't care about the feature until/unless it actually affects them, and the useless information just competes with information they DO need to know.

If it's really necessary to randomly select users for the new feature, then don't tell them until they're selected, and then make sure the communication is clear enough to avoid the issues that J H brought up regarding fear of phishing and such.

Posted by: Sashazur at November 27, 2006 01:58 PM

Comments on this entry are closed



Previous Posts: