Healthcare.gov, why do you taunt me so?

The new healthcare.gov web site sure looks great. Under the hood, though, it’s apparently implemented with Bronze Age web development technology :-(.

I tried to sign up today. After dutifully filling out my name, state of residence, and email address, then choosing a username and password, then answering three required security questions, I got this error:

Account creation failure.

That is:

Important: Your account couldn’t be created.

Please wait a few moments and try again, keeping this in mind:

The User ID you created may already be in use. Try using a different User ID.

The email address you entered may be used with another account. If you think you may have already created an account with this email address, select “Forgot your username” on the Log In page.

Since this was my first time signing up, I figured maybe someone had chosen the same username already, so I clicked on Try Again, expecting the site to preserve my old responses so I could just change the one that needed changing.

Instead, it started me all over from scratch. Yo, healthcare.gov, newsflash: my first, middle, and last names have not changed since the last time I filled in this form 30 seconds ago:

Blank name and email form.

Oh look, the next page is blank too — but okay, maybe that makes sense because I’m probably supposed to try a different username, and it’s common practice for web forms to not preserve passwords…

Username and password form.

…But then… wait, really? You’re going to make me fill in the three security questions all over again? Did I mention there are three of them?

Security questions form.

This is insane. The site knows what the cause of the error was. After all, it displayed the big red error box at me. So why not tell me? And, in the meantime, don’t trash the form values I’ve already filled in that are not the source of the error.

Just to be sure, I tried the mailback option. After all, maybe somehow my email address was in the system already, even though I’ve never clicked a button nor filled in a form field on the site before tonight. No email never arrived, though, and it’s not in my spam folder.

(I’m now 0/2 for Federal web site mailback login links, by the way, as petitions.whitehouse.gov has also swallowed my account there, no longer responding to the password I’m pretty sure I set, and never sending me a recovery email no matter how many times I ask for one.)

While we’re at it:

A username collision could be easily detected as soon as the user types it in the form field anyway. So “the User ID you created may already be in use” is a silly situation to be in in the first place. If the User ID is not unique, then don’t let me go farther; make me fix it on that page, especially since I have to go all the way through the security question choices again before I finally get to an error.

But anyway I’m pretty sure the error is spurious, because I’ve now been through the loop several times, with definitely unique usernames, and it still gives me an error every time.

This is not how we do it in 2013. I am not a happy camper

.

2 Responses to “Healthcare.gov, why do you taunt me so?”

  1. Max Lybbert Says:

    The “that username *may* already be in use” approach sounds like an effort to not accidentally leak information. I think it’s a misguided attempt to not leak information, but it just has that kind of feel to it.

    In my experience, at least, users assume anything cryptic and silly like that must have security implications.

  2. Karl Fogel Says:

    It might be that, yeah. But if they really think usernames could be a security leak, they should just choose a unique number for me, I think (and let my email address be the key by which I recover that User ID Number should I ever forget it).

Leave a Reply