Originally published on CUInsight.com
If you thought the last post was awful, this one is worse. We’re back to giving bad advice. This time, we’re talking choices, external link warnings, and, because it’s my top pet-peeve, passwords again!
More Options Is Always Better
“Enjoy checking…with choice! Find the account which matches your needs from our 5 different plans. They’re basically all the same, besides a 0.01% dividend. But who cares…options are essential!”
I get the concept: By creating a solution for every possible need, you can appeal to any potential member. Thus, your membership potential isn’t any one category, it’s humans (and sometimes even that is stretched…why can’t your dog share in savings?). Now that I’m thinking about it, a savings account for your pets is pretty cool. You could put away for their essentials, vet bills, unexpected challenges, and more. It’s like a savings goal, but separated in a fun way. Ok, that one is excluded.
Where was I? Oh, yes, choices. My business works primarily with the auto lending side of credit unions. In it, there is one main goal: Encourage the member to get pre-approved. However, people look for a car before a loan (unless they have no clue what they can afford/finance). As a result, many credit unions set up car-buying resources. They include calculators, lengthy PDF guides, and external company links. In many cases, they’re not even affiliated with those outside links! (Keep this in mind, it comes up later) What are you doing? Keep it simple! One link to do the fun “build/find a car” with a partner program (Disclosure: My company offers exactly this) and another to get pre-approved. Those outside company links? They often have their own financing programs. Bye bye loan (or ever knowing that member is looking to buy a car).
You may have heard of the “Paradox of Choice”. Give someone too many options and they’ll never make any decision. In fact, new research shows that this isn’t 100% true (science doubts itself always, boys and girls). What they found was that better options are better. More options for the sake of options makes people do one of two things: 1) Never decide and do nothing or 2) Decide based on meaningless factors (possibly because the important ones are hard to understand or not immediately obvious). If you must offer options, make sure they are equally good and clearly different.
External Link Warnings Keep Members Safe
A vestige of the World Wide Web’s “dark ages”, these are pop-up messages telling the browser that they are now leaving so-and-so’s website, and they cannot guarantee their safety, security, or that delivery will be in 30 minutes or less. You don’t need them. Many credit union legal teams claim they are mandated, but the only reference I’ve ever uncovered is a non-binding NCUA guidance from 2003. That’s Pi, or pre-iPhone. Weather widgets, local news scrollers, and other useless distractions were commonplace on most websites. Sure, if someone was clicking from their online banking to see what the latest news is in Anytown, USA, yeah, I’d want to ensure it was clear that site isn’t us.
You’ve learned a lot since then.
And if you’re that worried about where you are sending members, why send them there? (Remember the post Trusted Partners!) I’ve seen external link warnings on links to NCUA, loan applications, and more. You have legally-binding agreements with these partners or providers! It gives me the feeling these credit unions just said, “The world is a scary place. Let’s terrify our members, too. Oh, and make sure they never use our products.”
Alright, your legal team insists the warnings are necessary. Can’t argue. Just make them friendlier! Instead of a long text field in legalese, create a bright-colored, concise text notice. “Hey, just so you know, this link goes to someone we work with. They’re great, but we have to let you know they might have different policies on privacy than us. Click here to continue or just wait 5 seconds and we’ll get you on your way!” Here’s an example from a client (name redacted). It’s still a bit long for my taste, but isn’t scary if you read it:
Simple, friendly, and still accurate. Always remember your mission. You’re people serving people. The second you adopt the terminology people associate with “big banks”, you’re no different.
So, instead of slapping warnings on every link, be diligent in working with people and companies who truly share your mission. Then you don’t need to warn anyone about anything. And, if it’s essential, be nice about it.
Passwords With Symbols Are Most Secure
We covered this in passing last time. But since the focus was on changing passwords, I want to cover this independently. Your password doesn’t need to go to the gym. And no, your password doesn’t even lift, bro.
Password strength is determined by how hard it is for a computer to figure it out, strictly by guessing. And you know the easiest way to make it really hard? Length. Not symbols. Not using aLterNatinG cases. Not replacing 13tt3rs with numbers. Sheer length. Here’s that amazing xkcd comic to explain why, once again.
If my password was “GoshIneverrememberpasswordsnomatterwhattheyare”, I can guarantee you, no computer in existence today will ever crack it. Yet you’ve already memorized it.
Many recent password leaks have had passwords figured out because the security they used was garbage. I can’t help you there. Insist their system gets an outside security audit regularly, and, if they’re responsive, ask if they’re using salted password hashes. If they aren’t, don’t give them your information.
With good security and strong passwords (ie. long ones), you can enjoy the convenience of online services with little worry of your information being compromised.
I never want to see those, “Your password must include 6 symbols, 2 emoji, 3 different cases, and one name of your favorite pet” prompts again!
And that’s just a bit more bad advice.
Image credit: ArsTechnica, http://cdn.arstechnica.net/wp-content/uploads/2013/05/correcthorsebatterystaple.jpg