When online form validation goes wrong
In 1963 our family moved from England to Aotearoa New Zealand. Back in London our phone number was like this: CROWN42. That’s fake, just to be on the safe side, but yes, it had a word and numbers.
So when an online service years ago had me set up challenge questions, and before the days when I was smart enough to make up random answers*, a challenge that asked for my first phone number was answered with CROWN42.
Then today I was challenged on login, and the challenge form told me to enter numbers only. I duly entered 42 and was rejected! I tried again. Same result (funnily enough), with 3 tries remaining…
In the end I entered CROWN42 and achieved login.
So, there’s something wrong in that system. The creator of the challenge didn’t know that phone numbers could contain letters. The system allowed me to enter letters — both in setup and then in the form that claimed I should only enter numbers.
- These days I’m so much smarter when setting up challenge questions: they ask for mother’s maiden name so I enter something made up on the spur of the moment like
blueberriestastegood. Then I make sure to record these questions and random answers somewhere safe.