17 May 2017

Debugging Stories: Problems Logging in

I came across an interesting Debugging Story about login credentials that only worked when the user was seated. Whenever they attempted to login while standing, their credentials failed. Until one wise debugger asked the right question. Read the story here, in this book excerpt from Programming Perls by Jon Louis Bentley.

It reminded me of one of my own stories: the new user whose initial password refused to work.

I was part of a small team making a web portal for a medical insurance company. It would let medical practitioners submit predetermination-of-benefits requests before the proposed procedure was performed. We created a first roll-out to three partner offices, with a minimal set of useful features. We called it our Beta release.

Two of the offices began using the system right away. The third could not log in.


We reset and re-sent the credentials for office #3. Nothing changed. The user got a "login failed" message on every attempt.

"Make sure you type the user name and password exactly as they appear," we reminded the user. But still she could not login.

We examined the server-side logs, which were unfortunately pretty sparse on this initial roll-out. But we had enough to see that it was not a connectivity problem, the attempted but failed login appeared in our logs.

We triple-checked our authorization system, to make sure that the user account did indeed exist, with all the same permissions as the other Beta-testers.

With frustration mounting in one-third of our Beta-testers, we decided to send one of our team across town to the medical office, to trouble-shoot the issue on-site. He watched the user enter the credentials a time or two. While he could visually verify that the id was correct, the masked password input field meant that he could not confirm how the password was being spelled.

So he asked the user to please enter the password one more time, but to only use her index fingers on the keyboard. When the user did so, our guy saw right away that the user was inadvertently capitalizing the first letter of the password. Since the password was a case-sensitive mix of lower-case letters and numbers, of course it was failing.

Even after pointing this out to the user, our guy had to audibly shout "fingers up! fingers up!" when she attempted to login again, while using all her fingers. Her unconscious tic was so ingrained that it took multiple attempts before the user could reliably and correctly type the password.

No comments:

Post a Comment