OMG WTF CPP

Allow me to share with you one of the most bizarre and infuriating login forms I have ever seen. This is it, the one for CPP Identity Protection.

CPP Identity Protection Login Form

Exhibit A: ‘wut.’

Yeah, you read that right. “Password or username” followed by “E-mail address”. The site drops hints that apparently passwords are discontinued, and since last year every customer has a username instead. Er, guys? Do you even understand how this works?

So when you join, you get a letter that contains your username, which is a pretty short alphanumeric string. It’s pretty much… a password. Not a very good one, but still.

First time you log in, you get a delightful series of prompts that up the WTF factor even more. The first one is “change your username”. My first reaction, as I guess it is for a lot of people, is “yeah, this alphanumeric string is crazy-hard to remember. I’ll just use the same username as I use everywhere!” I actually got as far as typing ‘tsuki_chama’ in the box before I realised. That would leave my online handle and e-mail address — both publicly-known information — as the only things protecting my account. On a website that deals with identity theft. Whaaaaat?

The second prompt is for the “username reminder”, i.e. password reminder, assuming you left your ‘username’ as a password-like string. Now there was no limitation on what you could have as a username, I guess you could have “abc” if you wanted. But here, your password reminder, is another story. There’s a drop-down box of Secret Questions, the usual sort — first pet, memorable place, etc. You have to pick one, there’s no free entry. And then you enter your answer to that secret question.

Which must be at least 8 characters and include at least one number.

Geez, do you think there might be another authentication field that you might want to apply that restriction to instead? But yeah, I’m fine, because I had a pet hamster called ROBOHAM-877.

So yay, the only vaguely secure string you’re providing is your password recovery answer, which is not needed to log you in at all, only to recover your bizarro-username in case you forget it, assuming you didn’t just go with the flow and set your username to the same damn username you use everywhere else.

Identity. Protection. Fail.
