29 November 2012

Product information "security"

Among the specifier's most common frustrations is the requirement to login before getting product information. Just this morning, I tried to get information about metal panels from a well-known manufacturer's website, and was kicked out. Apparently, I had registered some time in the past, because when I went through the registration process, I was told that my e-mail address already was in use. That forced me to either set up a new account, and risk forgetting yet another password, or to go through the "forgot my password" routine. I chose the latter option, with the intent of using a simple, non-secure password I use for all such websites, something like "password".

I was surprised when an e-mail popped into my inbox almost instantly, as most websites have some delay, and some can take a day or more. Do you think all those requests get sent to some poor soul who has to validate them? The response from this manufacturer did offer bring bit of levity to an otherwise dreary morning of grinding out specs for two projects. The temporary password was - get this - x=H=)Xarq%+z+U. Good grief, that looks good enough to protect nuclear launch codes!

After using this new hyper-encryption password, I logged in. And immediately ran into an even bigger problem - finding the information. This company's website has an enormous amount of information, but unless you already know what you're looking for, it's difficult to find. The products are broken into different series, which is a good idea. Unfortunately, some of the series names give no indication of what they are, so I spent some time following links only to learn that I had chosen the wrong path.

The next problem was that, even though the model I was looking for does exist, it does not appear with other products of the same type in one of the selection views. I eventually found it, and downloaded specifications - only to find that the specifications do not refer to the specific model I'm using.

Seeing a "chat" link, I pulled up the chat screen, entered my question, and clicked "send". Ho-ho, these people are having so much fun! Instead of a chat, all it was was a form to send an e-mail. Guess what, guys, the purpose of a chat is to exchange information in real time! Grrr...

Back to "protecting" the information. I assume manufacturers want to know who is getting information, and I can see how that might help both the specifier and the manufacturer. The manufacturer knows someone is interested in its products, and can pass that information on to my local product representative, who then can offer assistance. I'm certain that doesn’t always happen, but occasionally, I do get a follow-up e-mail or call.

I don't object to registering before getting information - once. I don’t mind telling the manufacturer who I am, what company I work for, or even giving my contact information. Those things are essentially public record anyway, so there is no point in trying to keep my identity secret.

Beyond that, I'm not sure why a password is necessary. Is someone going to claim to be me, just to get information that should be readily available? A couple of product representatives have suggested the security is there to keep their competitors from getting proprietary information. As if they couldn't pick up literature at a trade show, or pretend to be an architect!

It would be easy to say I won't specify manufacturers who put up these needless obstacles to me specifying their products, but that would be a disservice to our clients, and would exclude many products I prefer to specify.

What can we do about this problem? I suggest all those who want information from manufacturers' websites prepare a standard response, and send it to the manufacturers each time you have a problem with getting their information. It would be something like the following, but be creative, be humorous, be ridiculous. Just avoid the urge to add profanity, at least until the third time you send it to the same company. Also, take a moment to look up the company's main contacts, as the person getting the "info@" messages won't be in a position to do anything to improve the situation. Send it to the CEO if you can.
Just what is it that you think you're protecting? What is the need for a login and password if all I want is some product information - to specify your product? The point of putting information on the Internet is to make it available. Making people needlessly jump through hoops just makes the information that much more difficult to get, and drives people away. In fact, I am now going to one of your competitors to get the information I need.


  1. Update: I just got an e-mail from the company, saying the product I was looking for is no longer available. It's still on their website, though.

    1. Well said, Sheldon. I'm making a mental note to send your website security message to the next website that wastes my time this way.

      I have the same pet peeves.

      At last count my password list contained 49 passwords and I'm loath to add any more, especially for sites I visit only occasionally. I'm constantly changing passwords for security reasons, having gotten hacked on Twitter and had annoying plugins planted in my blog, so it's quite a task to keep track of all the passwords I really need.

      You also hit the nail on the head about meaningless product names. I don't want to have to click a button for, let's say "Ambassador Series" or "Commodore Series" because it's a waste of my time, a trial-and-error process. The site navigation buttons should be immediately understandable to anybody in the AEC industry.

      And the guide specs are often mismatched, wrong, out-of-date, sneakily proprietary, and not even close to compliance with CSI SectionFormat.