Thursday, October 12, 2006

Strangest user name requirements

When creating my 345th identity at our dental insurance company, I had problems creating a login ID (failed like the first 4 or 5 times until I looked at the rules:

Your user name must be at least 6 and no more than 31 characters. Both letters and numbers are acceptable, but no spaces or special characters may be used. Your username must not contain numbers only. If your user name is 8-character long, the first 6 must be letters and the last 2 must be numbers.
I happened to had chosen a name with 8 characters the first few were characters and the rest were numbers and then changed that to all alphabetic (thinking it was a rule against numerics, then changed it to all lower case and finally hit the help button to see the above rules.

Note the special rules for when the user name is exactly 8 character (sic) long. Strange, very strange.

Tags : / /

1 comment:

Mark Wahl said...

An online reservation creation page for a budget hotel chain I tried has strange requirements, though not for userids, as it does not require the user to create an account at their site. However, the site attempts to perform syntactic validation of the user's email address to which to send the confirmation, but has the wrong algorithm. It forbids plus sign, percent sign, and period in the LHS of the user's address, and dashes in the RHS (domain) part of the address. A case of SQL injection defense gone overboard. Someone whose email address doesn't meet their requirements would presumably need to go get a free spambucket address from somewhere just to perform this transaction. Of course, it's only a matter of time before someone decides to get their name changed to John' AND userid IS NULL --; Smith.