Ridiculous Account Requirements on SprintPCS.com

This is a break from my regular vein of [not] posting, but I’m livid enough that I need to write this. I’ve had SprintPCS cell phone service since 2003, and have been generally pleased with the service. It’s all subjective, of course, but I haven’t had real issues with dropped calls, and their data services (1xrtt, evdo) have been quite good to me. I log in to their web site regularly to check my account, pay bills etc, and it’s worked perfectly for the past several years. Apparently that was unsatisfactory for Sprint.

Today when I tried to go pay my bill, I logged in as I always do. However, instead of being greeted by my regular account overview page, today I was faced with a page instructing me that I was being required to create NEW account credentials. I tried to create my regular username, and was informed that I could not use any special characters (i.e. an underscore). Although this is a pretty dumb restriction already, I have run into this on various sites, so I was willing to accept this and go on with my life (and without any special characters in my username).

Here’s where the real stupidity began. A few keystrokes later, I had modified my username to eliminate any malicious characters like underscores, and was naturally proceeding to enter my password. Sprint had other plans. Apparently it’s not good enough to have a secure password any more–usernames must also meet complexity requirements. (If you’re not familiar with the term, this is the general name for all the crazy rules like Your password must be at least eight characters, but no more than nine, must contain three letters, two numbers, at least two special characters, and cannot contain a word or portion of a word.) What? Complexity requirements FOR MY USERNAME? I guess we should just have two password fields now. Or maybe three (more on that later). I briefly tried hacking their javascript, but was unsuccessful, so now my username can be described by the following formula:

[regular username] – [special characters] + 1

:sigh: (I guess I should just be thankful that my username at least [barely] met the length requirements.)

I started to enter my password, and was shocked to see the letters appearing as readable text on the screen! I guess the people designing this application have never used a computer with another person in the room, or they might have considered that was a bad idea. Don’t worry too much, though … once you click on the field, the password turns into asterisks. I guess it must have been fun with JavaScript day at the Sprint development office. :roll-eyes:

Lastly, there’s the PIN. As if the password-like requirements for the username, and the password itself weren’t enough, I’m now apparently required to create another PIN … even though I already had one. But this one must be more secure because it has to be stupidly long, unlike every other four-digit PIN since the beginning of time. I feel so safe knowing that I now have three SUPER SECURE identifiers for accessing my account … two of which were emailed to me (in cleartext, obviously) immediately following their creation.


Leave a Reply