My mother works for a certain large company and has a 401k with them managed by Merrill Lynch. She also has a Mac Mini, which will show up again later. The first part of this was relayed to me by my mother and sister, I didn’t become involved until later on.
Yesterday my mother starting having massive issues getting into her ML.com account, and apparently so did many, many other people. She ended up getting on the phone trying to get support. She didn’t want to deal with the automated phone robot and took the option to speak to a representative. She was told that due to “high call volume” that she could leave her phone number and a representative would call her back between 1 hour 45 minutes and 3 hours. Wow. I can only assume that there were hundreds, perhaps thousands of other people having the same issue. She had nothing else to do that day so she waited.
In the interim she apparently had managed to get into her account briefly, but was booted off and was unable to get back in.
After a while, a representative called her and was very condescending to her saying things like “Have you ever even used a computer before?”. Now my parents bought an Apple II in 1983, and my mother was primary user of it. Besides helping me learn BASIC programming, she ran her small business on it. She’s had a computer ever since. So while she may be a bit overwhelmed by the whole web thing, yes, my mother has used a computer before.
The tech ended up emailing her a link to use to login to her account which also worked, but then this exchange ended the phone call. I think the tech was trying to get her to create a bookmark, not really sure though.
ML: Click on the “Start” button and…
Mom: I don’t have a start button.
ML: Excuse me?
Mom: I have a Mac-
ML: Macs are no good. I suggest you go to your local library and use the PCs there. I cannot help you if you’re using a Mac. Have a good day.
Well, of course Macs are good, or good enough before yesterday to use ml.com. They were also usable at that very moment as she was able to get into the site.
I told my mother that they probably just updated the site, pushed out some bug and fixed it within a couple of hours. That was yesterday.
Today I got phone call from my mother saying that she couldn’t remember the administrative password for her Mac, and ml.com was asking for it. Alarm bells were going off in my head. Why would ml.com be triggering basically a sudo command? I fired up a VNC session so I could see what the hell was going on. I see she has the following page open:
“See? It’s saying it was my Administrative User ID and Password” my mother says. Nope, I’m not sure why it says “Administrative Site” there, but it’s totally different from the OS X system pop up. I asked her to try to login, she gets a “login failed” error. Strange. I look at the URL which is
https://www4.benefits.ml.com/adm/login.aspx
Now my total amount of experience with ml.com can be measured in minutes at this point, but I’m thinking that maybe this is some sort of non-public login. Regular users shouldn’t be using this. As an experiment, I trim out the “/adm” from the URL so now we have:
https://www4.benefits.ml.com/login.aspx
Which is this page:
Very similar. I ask my mother to login here, and amazingly, it works.
Now I’m curious. How did my mother get to that wrong login page? I click the log out link and open a new blank browser tab. “Mom, show me how you normally get to the site.” She types “ml benefits login” into the Safari’s search window, which brings up this Google results page:
See that “LOG IN” link right there in the quicklinks? Guess where that goes?
That’s right.
http://www.benefits.ml.com/adm
How many millions of people browse the web this way? Enter something, even the domain name of the site they want, into Google, Bing, etc, and click on the top link? What happens when one of those links is incorrect? Even if the user ends up on the correct site?
This isn’t a Mac issue. This won’t even be remedied by going to the library and using their PCs. This is ml.com’s issue probably after a very recent Google update. Some robots.txt / nofollow magic will fix this during the next Google refresh. Until then, a quick refer check to see if the user came from Google at the top of the /adm script will fix it now and save ml tons of money in support. I can totally see the reasoning behind the “Administrative Site” in red caps on the /adm page. Crap, I’ve done similar things myself, although never on a site of this level. Guess what though, it doesn’t help. Massive UX lesson to be learned here.
