post

Comcast Web App Fail

Shouldn’t someone in charge of web applications for a major company like Comcast review error messages and customer processes? I sure thought so until today when I attempted to set up my wife as a user on our Comcast account and it wouldn’t accept my password attempts.

Here’s what happened and why Comcast failed me as a customer (though their social media support caught me). The reason why it failed will surprise you. Why should you care about something as mundane as an online password issue that happened to some guy who blogs?

Because the issue I just experienced goes beyond a simple online password process that didn’t work very well. You should care if you, like many of us are, responsible for overseeing web and mobile app creation and care about customers and their experience with your company or brand. You should care if you are a user of web or mobile applications and give a damn at all about password security. You should care if you don’t want to invest your personal time, energy and effort in dealing with password security when the web or mobile application is broken and has been that way for years.

Here is what unfolded in the space of 15 minutes:

  • Logged on to Comcast.net (their consumer site) and went to add my wife as a new user on our account
  • Completed the username info, password and security question
  • Received an error message that the password was incorrect and was informed that, Your password must be 8 – 16 characters. It must contain at least one letter, and at least one number or special characters (!”#$%&’()*+,-./:;<=>?@[\]^_`{|}~), may not contain your first name, last name, User ID, username, and cannot contain spaces.” 

No-shit-Sherlock…I do this all day, every day and know how to create and use secure passwords and usually can grasp the underlying algorithms and how they work (if they’re done correctly, that is).

  • Tried again. And again and again. 
  • Used a different browser with zero cache (cookies, etc.). Didn’t work. 

So I do what I’ve done before: I reached out to the Twitter account @ComcastCares and was contacted within a few minutes by the local Twin Cities guy @ComcastWill (who, by the way, has been super-helpful to me in the past on a couple of issues and I just forgot to reach out to him at the outset).

He and I connected and direct messaged on Twitter so he could look up my account. He then set my wife up with a username and temporary password and DM’ed them back to me. Problem solved (or so I thought).

Two huge issues with what the web app did not tell me, the user, with that error message you see above:

1) The username I’d put in was not available but the web app error feedback did not tell me that and then allow me to try another username (like you’ve undoubtedly encountered on other websites when signing up and the input box instantly tells you if the username is taken)

2) After logging in to my wife’s new account using ComcastWill’s temporary password, I then tried to change the password using Comcast’s exact error message text which I’d copied-and-pasted in to a text editor. It didn’t work. Tried it again but it didn’t work. Again and nothing. Once again, the error message did not tell me what I was doing wrong trying to do a password change.

Then I remembered… 

THE SURPRISE
Much to my surprise the Comcast.net error message did not tell me something that I should have remembered from years ago when I set myself up with my usual secure password on the Comcast.net website: The error messages are incorrect and do not fully explain to the user on what modifications to make and what to enter! Even back then Comcast.net would not allow me to input my secure password, even though it only contained several “special characters”, and it wasn’t until I stumbled across the “fix” that my jaw dropped:

If a user tries inputting multiple letters in their password it means that one of those letters must be UPPER CASE and one of them must be lower case. I was stunned when I went ahead and put in a strong password for my wife’s new account but this time changed the case sensitivity in the words and it was immediately accepted.

You’ve GOT to be kidding Comcast. You still haven’t changed this broken process? Why don’t you simply add to that error message something like, “If your password contains more than one letter, make certain one of them is UPPER CASE and one of them is lowercase.” 

Again, Comcast’s password process and incorrect error messaging has been this way FOR YEARS. I can only imagine how Comcast customers are befuddled by this goofy process or, more likely, why so many people just use passwords like MyDogSparky1 and other laughably insecure passwords (or, like me, don’t bother to use Comcast.net). 

Doesn’t anyone in Comcast’s leadership ever do what I do and log on and go through their own app to see what a customer experiences? No doubt the answer is “nope.”

About Steve Borsch

I'm CEO of Marketing Directions, Inc., a trend forecasting, consulting and publishing firm in Minnesota. Prior to that I was Vice President, Strategic Alliances at Lawson Software in St. Paul where I was responsible for all partnerships at this major vendor of enterprise resource planning software products and services. Read more about me here unless you're already weary of me telling you how incredible and awesome I am.

Leave a Comment