The best kittens, technology, and video games blog in the world.

Wednesday, January 06, 2016

Legal & General has probably the worst website in history of websites

Cally, my little ray of sunshine on a rainy day by hehaden from flickr (CC-NC)

So yesterday I got email from Legal & General (pension provider at my previous place of work) telling me that "Your pension benefit statement is now available online". Of course they couldn't email me the document or even provide some kind of one-click link, nope, I need to go through the whole process.

Whatever, I'll just go there and... website is not available because it's in maintenance mode. Right, that kind of stuff happens I guess. Not to anybody competent who've heard of rolling restarts, but it happens.

Checking it again next day, website is online. It wants User ID and password - somehow missing the point nearly everybody else got by now that email is universal user identifier, but let's not get too nitpicky.

Well, let's check with my password manager - right, here's user ID, here's password, good to go. And nope, somehow didn't work. Did I copy&paste that incorrectly somehow? Let's try again, now with captcha - and now I get error message that after 3 attempts at incorrect login I'm locked out of my account and I need to call some number. WHAT THE FUCK IS THAT?
  • I definitely didn't even make 3 login attempts of any kind
  • Details were definitely correct both times
  • Who the fuck locks people out after 3 attempts? That's the dumbest security policy I've ever seen.
  • The site already has captchas to protect from bots, and bots don't do 3 tries, bot's do thousands of tries, that's the point. Not like any bot would even bother getting someone's pension benefit statement.
  • Calling a phone line, like what the fuck? There's no email, no chat, no twitter, nothing, just phone calls. In 2016.
  • Phone line is "Monday to Friday, 8.30am to 6.00pm" obviously just to be even more shitty.
  • I'm going to remind everyone that it's 100% their fault here, and I'm supposed to make a fucking phone call now.
  • Can someone just write a bot to lock out random people out of their accounts?
Well, they also have "Forgotten your password?" link, so I tried that even though my password manager definitely did not forget it - and obviously it asks memorable question I never answered in the first place (I got those recorded in password manager as well). That's possibly because the fuckers decided to lock me out of my account after 2 correct login attempts.

This is the shittiest usability I've seen I'd say ever, on any website, in about two decades I've been using Internet.

Of course I can't do shit about it, moving however much money I have there (no idea, because it's all locked out) to another provider would be massive pain in the ass, if that's even doable.

And that's why you should ignore silly "benefits" and insist on getting cash.

No comments: