The latest fashion amongst
hi tech service providers,
is eliminating passwords.
They understand that their customers hate passwords however they are taking shortcuts that are denying their customers the ability to control their devices or services. Worse these shortcuts are passing the risks onto their customers
Apple have added a new feature to their Personal Hotspot service on the iPhone. Basically once you've set it up you can no longer turn it off. Sliding the switch in the iphone settings panel to off does nothing. A device that you have allowed to use the Personal Hotspot service on your phone somehow knows that the phone is near, and advertises Personal Hotspot availability. But wait it's switched off right... nope! if the devices user just connects to your phones Personal Hotspot from the device. Your phone will switch the Personal Hotspot service to <ON>
This is not good, an iphone owner that allowed someone to use their Personal Hotspot doesn't appear to be able to stop them having access.
Oh wait, all one needs to do is change the Personal Hotspot password right? Well actually no, Apple have thought of that too! If you change the password, the device that you have already allowed to access the Personal Hotspot has apparently been given a magical password.
To recap: Hotspot switched off on the iPhone, Personal Hotspot Password changed.
When a device that has previously been allowed to connect to your Personal Hotspot comes close to your iPhone, the device will be informed and offer the Personal Hotspot to it's user, who can request connection and "Open-ses-a-me" the device is connected, as if the password change never happened.
This is an issue Apple!
How Apple should have designed the new "Instant Personal Hotspot" feature, was to add it as a selectable option. An option that would allow the iPhone user to have control, ie have agency over their phone. By quietly adding the option and leaving the iPhone owners assuming they had the ability to switch off their iPhone's Personal Hotspot feature, they have demonstrated the worse sort of Password Elimination: #AgencyFail
Another example of Password Elimination: #AgencyFail has been perpetrated by Amazon. When a user is shipped a new Kindle, they ordered it from their Amazon account, with their password.
Amazon must have thought "So we know it's them right, and they won't want the hassle of a password, will they?"
Having ordered the Kindle for my wife, I handed her it to her boxed. Yes, I was very surprised that she could order e-books on her new Kindle from my account without needing my password. She had gone through the install process, which assumed that I was her, and at no time was she asked to authenticate.
This is an issue Amazon!
How Amazon should have designed the no password "One-Click" feature, was to add it as a selectable option. An option that would allow the Kindle user, once they had authenticated, to enable the "One-Click" Kindle purchase feature, ie have agency over their Kindle. By deciding to ship a Kindle that assumed it's user was it's owner and did not require authentication for purchases, they too have demonstrated the Password Elimination: #AgencyFail
I believe that these features are often driven by marketeers who like the idea of making users life so simple it will delight them. But they are missing the opportunity of delighting their users by informing them of and giving them control of new features.
In both instances my experience was far from delightful, in fact it diminished my trust in both companies.
In your own organisation's quest to make your customer's lives easier, be wary of losing their trust and loyalty by denying them the right to control or have Agency over the devices or services you provide them.
As the Internet of Things explodes into our lives, let's hope the growing Password Elimination Fashion is delivered in a manner that does not eliminate our Agency, but enhances our Agency. Though sadly hope has never been an effective strategy!