All Your State Are Belong To Us

I don’t know quite what it is about some websites that just leave me with a bad taste in my mouth.

With Allstate, though, there are definitely a few things that come to mind….

The interface always seemed a bit clunky, for one. Way too many button clicks. Perhaps it all makes more sense when you have many different policies, but — at least for me — it just didn’t flow very well. There were little things they could’ve done to improve things, like automatically choosing my ONLY policy automatically rather than making me choose it manually…

Secondly, there were basic features that I took for granted with other insurance companies, but were seemingly missing entirely from Allstate’s website. The main one that comes to mind are replacement cards. I’m sure at one time or another, everyone has misplaced their insurance card. What is nice about Allstate’s competitors is that their websites typically give you the option to print out your own card. Some companies do this as a temporary solution while you await the official replacement in the mail. For others, that’s the only thing you get from them unless you request one be sent in the mail. This makes things more convenient and saves time for me. Also, if I don’t need them to print out and mail something to me, that’s saving the company money. So not only is Allstate saying a big F-U to the whole “going green” paperless movement, but it’s also just blatantly wasting my time and their money…

I’ve stayed with Allstate more out of lethargic apathy than as a loyal customer.

I’m just not a big fan of filling out paper work, so I don’t switch companies very often — not unless there’s a nice amount of financial incentive behind it.

Since I don’t typically get into car accidents, I have no idea how good their service is when it comes to claims or any of that.

Really, my only experience with them is through my online interactions when I need to pay bills, check my balance, or make adjustments to my policy.

When I logged in this morning, though, I was “greeted” by a screen informing me that my account had been migrated to a new system and I needed to update my information. That’s fine.

Apparently, they were toughening up their password security and added a “security question”. Pretty standard stuff these days, I guess. I’m still not a fan of having pre-defined security questions, but I never use real answers to them, anyhow, so I guess it doesn’t matter.

After filling out the form and trying to continue, I was warned that my new password did not meet their requirements. Hmmm.

Most of it was pretty normal — at least six characters, at least one number, one capital letter, one lowercase letter… yes, yes, I know the drill…

I used another password.


I read the requirements again. Looks like I had missed the fact that the password could only be a maximum of ten characters. UGH!

The password tried using had apparently been longer than that, so it was failing.

Not cool.

I changed it to something temporary that would meet their requirements (and was less secure than my original password, mind you).

Allstate apparently felt that “Password1” was way more secure than what I had been trying to use previously… Nice.

After logging in, I went straight to the account details page.

Is it really necessary to use a drop-down when there are only four choices? And, really, the first two should probably be combined, so it would just be three choices…

Especially when they are displaying all of the choices on the page, anyhow, why not just make them hyperlinks and be done with it? Whatever.

Clicking once to open the drop-down and a second time to choose what I wanted, the Account Info page, I came to the password screen:

I have no idea what “My Online Name” is, but the rest was pretty self-explanatory.

I attempted to update my password to something I would actually be able to remember. No luck. I tried another. Nope.

Apparently, it prevents you from using any of the past five passwords you’ve already used.


I’m not logging into a missile silo or trying to transfer funds to an off-shore bank account, guys.

I’m fine with warning users… “Hey! You used that password two months ago. Are you sure you want to use it again?” Trying to prevent me from using what I want, though, is silly.

When systems only care about the most recent five passwords, it’s just a case of changing my password five more times to stuff I’m never going to use again. Now I can use the password I want.

The bottom line is, antiquated password rules just look bad and make me feel like the company is either “out of touch” or use some old COBOL-based systems or something.

Passwords are a big deal for me. If I can’t log in when I want without having to use some ridiculous password that has to be changed frequently, it’s just not worth it to me.

Share Your Thought