Recently FAMI, a mutual fund company, launched its web portal. Here's some criticism of the FAMI web portal. I'm still trying to decide on a new password, so expect a part 2 once I get inside and look around.
I've had lots of experience navigating web portals like these from major companies as well as designing some using HTML and PHP. And so far, FAMI's first shot at it has major usability issues. It is, I'm afraid, very much unpolished, unlike some of the portals used by big multinational companies.
This is so disappointing since I like the performance of FAMI mutual funds and I invest in them.
OK, here goes.
* I didn't know that I needed to register. I only found out by reading the comments in the FAMI Facebook page. There should be a note or something, not just a page with a blank username and password. See pic below.
* When registering, there should be some help since some terms like "COR" might be unknown to the users. Hint: it's in the snail mail you receive.
* When registering there are multiple blanks that I don't understand. Aside from the aforementioned "COR", there are multiple CORs and multiple accounts. How the heck can a simple client understand what the multiple "COR" and "accounts" mean? Is it one COR/account per person? Or is it one COR/account per transaction? If it's the latter, then if you bought say 10,000 pesos worth of mutual funds last year then bought another 10k this year, is that 2 accounts? Or maybe you just have to fill in the first account only? Look at the pic below and you can see how a normal person might be intimidated.
Update: The FAMI Facebook says that you only need to input one valid COR. You get one COR every time you buy MFs. It's in the letter they snail mail to you.
* I didn't know that I should receive an email. I only found that out from reading the comments here. You should have a small note that says "an email will arrive with your username and password bla bla bla".
* After registering there is a number generated. There is no note that explains what the number is for. And so far I see no use for it except maybe as a reference number if for some reason your registration has a problem.
* It takes some time for your email to arrive. A day or so. A note explaining that it would take a day or so would be nice.
* The email gives you 2 pieces of info: User ID and Password. But when you try to log in, there is a password blank but there is no User ID. There is a username blank but some people might not get it. From my experience in databases, changing the name of a variable can cause lots of confusion.
* When you first log in with the user ID and password emailed to you, you are required to change the password. OK, that's very much standard procedure. Good.
* However, the website is set up to be VERY VERY strict with creating a password. Look at these restrictions:
- Password must have at least 1 special character.
- Password must not contain your user id.
- Password must have at least 1 capital alphabet.
- Password must have at least 1 lower case alphabet.
- Password shouldn't contain date aspect.
- Password shouldn't contain consecutive character.
- Password must be alphanumeric.
- Password must not match with your 5 old passwords .
- Password should be greater than 7 characters and less than 14 characters.
Security is good but TOO MUCH security is bad since it makes remembering the password hard. Heck, even inventing a new password that passes all these (especially the consecutive character thing) is hard. There is a time for idiot proofing stuff but this goes too far and is condescending, treating the user like a child.
* "Password shouldn't contain date aspect". What the heck does that mean? I'm getting a rejection like that even if my password only contains among its characters a single number.
* "Password shouldn't contain consecutive character". Hard to explain but let's give an example. The word "password" fails that rule because it has 2 letters in succession, s and s. Removing one s would make it pass that. At least I think so. Not sure.
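The rules listed above, written out as a checker that reports every rule a candidate breaks instead of one vague rejection. This is an added example, not FAMI's code: the function name, the sample values, and the readings of "alphanumeric" (at least one letter and one digit) and "consecutive character" (the same character twice in a row) are assumptions, and the "date aspect" rule is left out because the portal never defines it.

```python
import re

def check_password(pw, user_id, old_passwords=()):
    """Return the rules a candidate password breaks (empty list = accepted)."""
    failures = []
    # "greater than 7 characters and less than 14 characters" -> 8 to 13
    if not 7 < len(pw) < 14:
        failures.append("length must be 8-13 characters")
    if not re.search(r"[^A-Za-z0-9]", pw):
        failures.append("needs a special character")
    if not re.search(r"[A-Z]", pw):
        failures.append("needs a capital letter")
    if not re.search(r"[a-z]", pw):
        failures.append("needs a lower-case letter")
    # Assumption: "must be alphanumeric" = at least one letter and one digit
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        failures.append("needs both letters and digits")
    if user_id and user_id.lower() in pw.lower():
        failures.append("contains the user id")
    # Assumption: "consecutive character" = same character twice in a row
    if re.search(r"(.)\1", pw):
        failures.append("has a repeated adjacent character")
    # Plain-text history only for illustration; a real site compares hashes
    if pw in list(old_passwords)[-5:]:
        failures.append("matches one of the last 5 passwords")
    return failures

# Constructed sample values, not real credentials
SAMPLES = ["password", "Long&Str0ngPhrase!", "jdoe#Pasw0rd", "Pasword#9x"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(candidate, "->", check_password(candidate, "jdoe") or "accepted")
```

Note that the 18-character sample is rejected only for being too long, while the 10-character one passes every rule.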
The end for now.
UPDATE: part 2 is up