The other day I sent a Section 71 document (a ten-year trademark renewal document) by means of the TEAS system to a foreign client for e-signature. The next day the TEAS system reported that the document had been e-signed. All that remained was for me to pay the $100 government fee. I figured this would be easy. I figured wrong. The Financial Manager system made it very difficult. The Financial Manager system locked my account and it was a lot of trouble getting things working again. Here are the details:
As I mentioned, the trigger for today’s activity was the email from TEAS telling me the good news that the client had e-signed the renewal document. I opened the email, clicked on the link, and eventually reached the page that invited me to log in to Financial Manager.
Logging in to Financial Manager is always a big annoyance and a lot of trouble. A first problem is that even if I already logged in to FM, if the login that I already did was more than fifteen minutes in the past, then the FM system will have forced me to log out without telling me so. (This fifteen-minute forced logout is a disaster and it broke a promise that USPTO made several years ago, as I blogged here. USPTO should permit the user to pick how much time passes before the FM system forces the user to log out. 81% of users would use that feature if it were available.)
But this is not the only reason that logging in to Financial Manager is always a big annoyance and a lot of trouble. A second reason is that the designers of FM failed to permit the user to freely pick his or her password, and instead forces the user to include unwanted upper-case and lower-case letters, numerical digits, and always at least one special character that requires three fingers to type it. A third reason is that the designers of FM failed to permit the user to pick the length of his or her password, and instead forces the user to pick a password of at least twelve characters.
(Why do administrators of systems like FM force users to pick such long and impossible-to-remember passwords? It turns out, as I will explain in a later blog article, that such administrators do this because of a lack of confidence in their own ability to appropriately secure a particular data file that contains “hashes” of the passwords.)
A fourth reason that logging in to Financial Manager is always a big annoyance and a lot of trouble is that the designers of FM decided to force each user to change his or her password no less often than once every sixty days.
These unfortunate system design decisions actually make the FM system less secure rather than more secure, for the simple reason that these decisions force the user to write down his or her password and tape it to the computer screen.
But returning to today’s annoyance with FM. So I needed to pay the $100 fee so that my client could renew its trademark registration. I clicked through the TEAS form and eventually reached the page for signing on at FM. It had been a few days since last I logged in to FM but I was pretty sure I remembered all sixteen characters of my password as well as the particular smiley faces and other special characters that I had selected to satisfy FM’s requirements. I tried to log in. The FM system told me that something was wrong (but would not tell me what). Maybe the FM system was case-sensitive regarding the email address? I had capitalized the first letter of the email address, and maybe that was the problem. So I tried again, forcing the first letter of my email address to be lower case. Again the FM system told me that something was wrong (but would not tell me what).
I’m not sure how many times I kept trying. I think it was four times. And at that point, the FM system locked my ac
count, as you can see here. I will mention what the standard polite behavior is for such systems in 2016. The standard polite behavior is that the system will count down. If you only have two guesses remaining, the polite and nicely designed system will tell you that you have only two guesses remaining before the account will be locked. If you have only one guess left, the polite and nicely designed system will tell you that you have only one guess left before the account will be locked.
With such polite and nicely designed system, the hapless user will be able to avoid the disruption and unpleasantness of a locked account. The hapless user (who by definition is not at his or her regular computer screen location) simply places a telephone call to a co-worker to ask him or her to go look at the password taped to the user’s computer screen and read it over the telephone. Or if the hapless user has noted the password in a computer file somewhere (and by definition is not nearby to that computer), the user can get in a car and go to that computer and open the file and read the password. These are preventative measures to keep the user account from getting locked.
You can guess where I am going with this. The FM system is not polite and not nice about this. It silently keeps its own count of the number of remaining guesses and does not tell the user. The user then inevitably gets a locked account.
What can the hapless user do when FM has locked the account? FM tells the user that this is actually no problem. FM tells the user (as you can see above) simply to click on the link for a “forgotten password” to do a “change password”. And this procedure would not have to be much of a problem. The user would click on the “change password” link. Then the system would send out an email to the user and the email would contain a link that the user clicks on, to pick a new password. Not a big problem.
So I clicked on the “change password” link. You might think that the designers of FM would make it so that when you click on “change password” you would get an opportunity to change your password. But no! The designers of FM made it so that when you click on “change password” what you see next is this:
So the link to “change password” does not actually go to a screen that lets me change the password. Instead it goes to this new screen that merely tells me what I already know (FM has locked my account) and tells me to click on a link to “contact customer support”.
Now you might think that when you click on the “customer support” link on the “we locked your account” page, it might take you to a new page that makes it easy to talk with the FM people who are responsible for unlocking user accounts. But you would be wrong. When you click on the
link, this is where you end up:
There are several disagreeable things about this situation. First, of course, is that this means that if the FM people locked your user account, and you had the bad luck that they chose to do it on Saturday or Sunday or a holiday or after 8PM Eastern Time, you are stymied for hours or days, until the next time that this office is open again.
A second disagreeable thing about this situation is that even if you are lucky enough that the time of day that FM picked for locking your user account falls during business hours, it is no easy trick reaching a person who actually can help. There is a robot attendant that is designed with several goals, including (a) if possible, preventing you from reaching any human being at all, or (b) failing that, preventing you from reaching any upper-level person and confining your options to front-line people.
A third disagreeable thing about this situation is that the robot attendant is designed so that in general you will be unable to guess which combination of button presses would actually get you to someone who could help. The robot attendant first offers that for help with trademarks, you should press 1. Well, this problem is a trademark problem. I am trying to file a trademark renewal. But I can promise you that if you press 1, you will never reach the right person. If you press 1, you descend into a place of no escape, filled with things like recorded messages about what a trademark is.
Having learned that pressing 1 is a mistake, I then tried pressing 3 for technical assistance. The robot then asked what kind of technical assistance I wanted. The first option was to press 1 for technical assistance with trademarks. So I pressed 1. This brought me to a very cheerful person named Dorothy who clearly wanted to be helpful. She explained that regrettably she could not actually help with my problem but she would transfer me to a different place where I should press 3 and then 4 and then I would reach someone who could help me.
There were then a couple of beeps and then a robot with a male voice said “unassigned number” and then a robot with a super-chipper female voice said “thank you for calling – goodbye” and then the USPTO had hung up on me.
I punched redial on my phone, and then dialed 3 and then 4 (guessing that the previous instructions might work with this telephone number) and Lauren answered. Her first question was “have you waited fifteen minutes?” Which made me wonder, if there is some undocumented thing about how the FM account-locking system works that involves waiting fifteen minutes, then maybe the FM people ought to document it somewhere, like maybe on the screen that says “we locked your account”.
I then explained that yes, more than fifteen minutes had passed since the FM system locked my account. She then said she would have to “escalate the call”. It turns out that “escalating the call” does not actually mean I get to speak with someone who will help. She explained that “I will hear back within four hours”. I figured it meant I would receive a telephone call, but she said no, what would happen next is that within four hours I would receive an email message.
And indeed after some hours I did receive a terse email message telling me that the FM people had unlocked my account. And indeed I found that I was once again able to log in at FM.
We could try to make a list of all of the things that are nuts about this aspect of FM. One thing that is nuts about this is that (see above) the FM people refused to just let me reset my password, and demanded instead that I place a telephone call, because “we’ll need to know who you are”. And yet at no time during any of my telephone calls to the USPTO did anyone do anything to confirm “who I am”.
Anyway I then used the FM system to pay the $100. The client’s renewal got e-filed.
To review:
- The designers of FM need to let the user pick how much time will pass before the FM system forces the user to log out. The permitted range of times needs to include “all day” or “eight hours” or something like that. 81% of users would use this feature if it were available to them.
- The designers of FM need to let the user pick the length of password that the user wishes to use.
- The designers of FM need to let the user pick the password that the user actually wishes to use.
- The designers of FM need to let the user pick when (if at all) to change a password.
- The designers of FM need to do a “count down” before locking a user’s account.
- The designers of FM need to make the unlocking process available 24×7 instead of making it unavailable during evenings or weekends or holidays.
- If there is not actually any need to “know who you are” to do the unlocking, then the unlocking process ought to be directly available to the user with a single mouse click instead of being mediated by human beings who can only be reached through a difficult-to-penetrate robot attendant and who only take action after some hours.
I feel for you. However, this scenario for resetting your password is ridiculously funny! Administrative paperless work. Thanks for the laugh.
Holy crap, that is insane.
I too am annoyed at FM’s failure to permit a user to freely pick a password. But to find out that it locks up on you without prior notice, and then forces a telephone call through the USPTO’s system, that’s just nuts.
Thanks for posting. I’ll consider myself warned not to attempt too many logins into FM without having my password handy.
Carl, love how diligent you are at writing about the numerous failings of the USPTO. Keep up the good work!
It would be difficult to design a system that works but is more painful to use. Maybe I should not say that, the good people at the USPTO may take this as a challenge…
I learned recently one trick to select passwords that are close to impossible to guess by others, but easy to remember. The trick is to use a sentence or phrase of sufficient length and use, for example, the first letter of each word as one character for the password. For example, “To be or not to be, that is the question”, gives “Tbontbttq”. This provides a very secure password that is impossible to break without using a brute force attempt that tries all character combinations one after the other, if the server implements security in any satisfactory manner. You can use the second letter of each word if you want to be less conventional also, or alternate between first and second letters from word to word. The possibilities are endless. The trick is to always use the same convention for all your passwords, so that you always remember it.
The requirements for special characters and capital letters can be satisfied by always using the same combination of special characters for all passwords for a given site. An easy way to remember special characters is to look on your keyboard. For example, the exclamation point and the character “1” are on the same key. The above password can become “1!Tbontbttq”, with the capital letter being the letter corresponding to the number, so first letter in this case. I don’t know if this would satisfy Financial Manager, but this would be good enough for most web sites that require a password.
To remember this, you only have to remember that you use 1 as the number, followed by the special character on the same key from the keyboard, followed by the first letters of the famous verse from Hamlet. You can even tape “Hamlet” on your computer and most people would not guess what to make of it. Even if they guess that the passwords relates to the famous verse, when you add the letter and number, that you keep private, nobody can guess your password. OK, maybe I should not be so sure of myself, but guessing the password becomes very very difficult.
You can of course use other characters from your keyboard, put the number and special character elsewhere in the password, and so on. The trick is to always use the same structure so that the password can be reconstructed at any time with no effort from a simple piece of information. Any song that you particularly like or any text that you memorized when you were a kid and that still remember will do. For example, if you have kids, lullabies provide an endless source of material.
Not to mention that the deep, deep slow-talking voice of the robot attendant is super annoying.
Fortunately, you can still go in as a “guest” and make payments as before FM arrived on the scene. However, I understand that will go away someday, leaving you dangling over the abyss that Carl so eloquently describes above. I echo the comment: good (and entertaining) rendition of the problem, Carl. Thanks.
Carl, I am surprised that you are not using a password manager. Given that you promise a post on password hash files (hopefully with lots of tasty salt), and knowing how technical you are, it is likely you have considered the option.
While a password manager presents a single point of failure, that single point can be made much stronger than the many other failure modes present in the absence of a password manager. The only password manager hacks so far have occurred once an attacker has control over your local system. At that point, it’s game over regardless (they could simply install a keylogger to capture all your passwords). In general, a skillful adversary is necessary to compromise a password manager (or its equivalent; see http://arstechnica.co.uk/security/2016/04/how-hacking-team-got-hacked-phineas-phisher/).
I’d welcome your thoughts on the topic, either here or by email.
And to be clear, while a password manager may have prevented _you_ from encountering the above USPTO issues, your comments are no less persuasive. Some of the design choices the USPTO made do not stand up to scrutiny. Widespread use of password managers by users is not an assumption any web application designer can make.