Well, ignoring the account blockage question for the moment: There are exactly zero situations in which it's acceptable for a company to dictate usernames and/or passwords for their employees on external web sites. If you put your employees in a situation where the only way they can reliably recall their necessary usernames and passwords is by writing them down, they will write them down...and so much for the security angle.
As far as the account blockage question, that may be acceptable in certain situations, but only if there is immediately available 24/7 human backup at a toll-free number...and by that, I mean toll-free where the employee is standing. Far too many companies still hold the bizarre belief that "We have an 800 number,..." is an adequate response to the need for worldwide toll-free assistance...which means that the assistance isn't available outside the US and Canada.

Waving your hands and applying the maximum number of mysterious, hard to remember, magic words is not the same thing as providing security, and that's what is happening in a situation like your girlfriend's.

So, my solution to these cases in general is to combine a user-selected username, a user-selected password, and 24 hour free access to help. It isn't perfect, but it has a much higher chance of working to everyone's benefit than this system has.

Katie

At 12:02 AM +0200 3/8/08, Sebi Tauciuc wrote:
>My girlfriend is on a business trip in another country, and she was trying
>to book herself a plane ticket back (her stay was longer than expected). She
>tried to login to the travel company's web site, but she wasn't sure about
>the username (picked by her company) and password (she has several), so she
>failed the login 3 times. Without any notice, her account was blocked and
>she was told to contact the admin/support to unblock it. I don't know if
>they have customer support available on weekends, but anyway now there is a
>good chance she may have to book a later flight and spend another night or
>two in the hotel. And it all happened in a few seconds.
>Maybe this isn't a very common case, but still I was wondering: couldn't
>such situations be avoided? Is security a good enough justification to block
>a customer's account? How far should we go?
>
>Sebi
>--
>Sergiu Sebastian Tauciuc
>http://www.sergiutauciuc.ro/en/
>________________________________________________________________
>Welcome to the Interaction Design Association (IxDA)!
>To post to this list ....... [EMAIL PROTECTED]
>Unsubscribe ................ http://www.ixda.org/unsubscribe
>List Guidelines ............ http://www.ixda.org/guidelines
>List Help .................. http://www.ixda.org/help

--
----------------
Katie Albers
[EMAIL PROTECTED]