Critique: orcacard.com
May. 10th, 2012 11:38 amOrcacard.com is the website where Puget Sound & Seattle residents go to "refill" their One Regional Card ("Orca" being more regionally topical than "Orc", I guess). The website has to be one of the least user-friendly on the planet. I'm not even sure why.
If you forget your password on most sites, the routine is usually to say, "I forgot my password," at which point the site sends you an email saying, "Follow this link to reset your password. You have 30 minutes to follow this link before it becomes invalid." On the ORCA site, you have to give your full name, zip code and email address, and answer a "security question," before they send you an email.
They email contains a new password. In the clear.
Worse, when you go to change your password, it's almost impossible to do so: the page directing you to change your password malfunctions badly if you forget to fill out both shipping and billing information (!?). If you tell it "Use my billing address for shipping," it reloads the page instead of using Javascript first, so even if you have a modern browser you're forced to fill out the password form a second time.
Finally, when you go to actually add credit to your card, they don't keep billing information. This is an insane level of paranoia: they put you through PICS-plus level security, and don't even maintain PICS-standard data!
Oh, and the visuals for buying credits are so bad it's easy to accidentally add multiples of what you want to add; check your final statement carefully.
All in all, the ORCA card website is a government-mandated disaster.
If you forget your password on most sites, the routine is usually to say, "I forgot my password," at which point the site sends you an email saying, "Follow this link to reset your password. You have 30 minutes to follow this link before it becomes invalid." On the ORCA site, you have to give your full name, zip code and email address, and answer a "security question," before they send you an email.
They email contains a new password. In the clear.
Worse, when you go to change your password, it's almost impossible to do so: the page directing you to change your password malfunctions badly if you forget to fill out both shipping and billing information (!?). If you tell it "Use my billing address for shipping," it reloads the page instead of using Javascript first, so even if you have a modern browser you're forced to fill out the password form a second time.
Finally, when you go to actually add credit to your card, they don't keep billing information. This is an insane level of paranoia: they put you through PICS-plus level security, and don't even maintain PICS-standard data!
Oh, and the visuals for buying credits are so bad it's easy to accidentally add multiples of what you want to add; check your final statement carefully.
All in all, the ORCA card website is a government-mandated disaster.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}