Dave Reid

I recently registered both Jenny and I to use the TreasuryDirect website so we could convert our old, obsolete savings bonds into new-fangled electronic savings bonds that I can redeem with the click of a button. I almost think that it pushes the boundry of security vs usability. Once you register, you get a little access card that you use when you login. I really don't mind that so much, but the fact that I have to type in both my password (which has to have numbers, letters and at least one special character) and my access code using the on-screen random-key-locations keyboard is a little annoying. I can deal with the on-screen number pad with my ING Direct account.

The site itself is designed so that if you accidentally hit your browser's back or forward buttons, your session is toast and I have to do the login process again. If you try visiting a help page not in a new tab, you're logged out. I can't tell you how many times I've done this. This is complicated by the fact that it's not clear that you need to press some 'Cancel' button to actually proceed on some pages. As for being able to get to what you need to do within the site itself, that's a whole bigger issue. Just to convert savings bonds, its a convoluted process involving sub-accounts, multiple registrations and hard to find menus.

Now I understand all of these things are designed to make the site more secure and I will rest easy at night knowing that it will pretty much be impossible for someone to hack into my savings bond account. But there has to be some point where there is too much security that it gets in the way of usability. It frustrates me and I consider myself a little above-average web user. For casual web users trying to access it, I would think that it would be even more frustrating. Maybe I'm just a developer thinking too hard about usability...

See also:
http://www.mymoneyblog.com/archives/2006/08/wonkiest-new-security-featur...
http://www.thesunsfinancialdiary.com/random-thoughts/how-can-a-keypad-en...