Sharing Painful Experience of Resetting Password on GoDaddy

Forgot Password Screen — GoDaddy

Recently, I wanted to purchase a domain on GoDaddy. I searched for and found the domain and started the checkout process. However, I was unable to recall my password. So, I decided to reset the password.

When I saw the reset password screen, it asked for “User Name & Customer #”. I was not sure of these two fields. I got the idea of checking my Gmail inbox, where I would have received the user name or customer number in previous purchase orders. I found the 8-digit customer number and pasted it into the reset password form.

Then I saw the second field, “Email Address on File”. I found it surprising and too technical.

The third field was a Security Challenge. Wow! It’s a Google reCAPTCHA. It’s difficult to accept as a security challenge.

Let’s see how this experience can be made better:

  • The user name and customer number field can be removed if possible. It creates unnecessary trouble for the user.
  • Instead of the “Email Address on File” label, it can have a simple label such as “Your Email Address”.
  • No need for a CAPTCHA as a security challenge. Users are not here to take any challenges. They simply want to reset their password. In fact, Google provides an invisible solution for the CAPTCHA. More information: https://www.google.com/recaptcha/intro/android.html

Reset Your Password (Emailer) — GoDaddy

When you click on the Reset Password link in your mailbox, you are redirected to a webpage (see below).

Reset My Password — GoDaddy

You can see two text fields, namely “Username or Customer#” and “New Password”.

Luckily, this time you do not have to enter the Username or Customer#. It’s auto-fetched based on the emailer link. But you need to enter a “New Password”. When you start typing a new password, it gives a hint about the password “Criteria”, and you need to follow all of them to reset.

Five criteria for resetting your password:

  • Password cannot start or end with a space
  • Include a lower case letter
  • Include an upper case letter
  • Include a number
  • be 9–50 characters long (9 more)

That’s a lot, right?

A few questions immediately come to mind after seeing this:

  • What is the need for showing “username or customer #”? Does it make sense to keep it on the Reset Password link? Would the user be interested in seeing their customer number while resetting the password?
  • 5 criteria: too much. One has to put in a lot of effort to come up with a new password that matches all 5 of these criteria. And remember, a user is someone who has forgotten their password and he/she should be in deep pain already. It would be like an exam for them to remember a password that matches the software’s criteria, wouldn’t it? You not only have to calculate the length of the password but also follow all these criteria.
  • The order of the 5 criteria is also interesting. The list gives the highest importance to “Password cannot start or end with a space”. This entails that GoDaddy would have observed in its early days that many users were using a space at the start or end of the password.

Last but not least, when I entered a new password, I got a message that said “You can’t re-use your last 5 passwords. Please choose a new one.” That was a big surprise, and it’s a hidden criterion number six. I was literally thinking hard to come up with a sixth password that was not among my last five passwords and that I would also be able to remember this time, so that I do not have to go through this painful process again.
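One way the reuse rule could be checked and reported together with the other five criteria, so that it is not a surprise after submission. This is an added example, not GoDaddy's code: the function names, the PBKDF2 parameters and the stored history format (a list of salt and digest pairs) are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your hardware
HISTORY_DEPTH = 5      # "last 5 passwords" from the message quoted above


def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Return (salt, digest); only these are stored, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def is_reused(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Check the candidate against the most recent HISTORY_DEPTH stored entries."""
    reused = False
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        # Constant-time compare, no early exit: timing does not show which entry matched.
        reused |= hmac.compare_digest(candidate, digest)
    return reused


def failed_criteria(password: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return every unmet rule in one pass so the form can list all of them at once."""
    rules = [
        ("Password cannot start or end with a space",
         not (password.startswith(" ") or password.endswith(" "))),
        ("Include a lower case letter", any(c.islower() for c in password)),
        ("Include an upper case letter", any(c.isupper() for c in password)),
        ("Include a number", any(c.isdigit() for c in password)),
        ("Be 9-50 characters long", 9 <= len(password) <= 50),
        ("Not one of your last 5 passwords", not is_reused(password, history)),
    ]
    return [label for label, ok in rules if not ok]


if __name__ == "__main__":
    # Constructed sample history (not real credentials).
    history = [hash_password(p) for p in ("Autumn2021x", "Winter2022x")]
    print(failed_criteria("Autumn2021x", history))
    print(failed_criteria("short ", history))
```

Because each stored password has its own salt, the reuse check has to re-hash the candidate once per history entry; it cannot be done by comparing a single hash.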

This time I have written my GoDaddy password in my personal diary.

Would love to hear your opinion. Please suggest to what extent we should compromise user experience for the sake of security.