Often, when you reach a store, you are invited to "log in," meaning to identify yourself, using a made-up user name and a password.
And if you do not already have a user name and password, the store may nudge you, subtly or not, to register, or "become a member."
On these sites, you see buttons taking you to areas with names like My Account, Registration, My Profile.
So what’s in it for you?
You do get some benefits from registering:
• Once you register, you have given them your billing and shipping address, and perhaps even your credit card information, so when you come to purchase something, you may not have to retype all that. Nice.
• If you start shopping and leave the site before making a purchase, and then come back, the items will probably still be in your shopping cart, because the store recognizes you and saves your shopping cart hoping you will continue. Non-members lose whatever they put in their carts.
• You may be offered a chance to do what Amazon calls 1-Click Shopping. You click a button and the system applies all your membership information, including your shipping address and credit card, so that you do not have to do anything more than click to make the purchase. Dangerously tempting!
Of course, the stores suggest or demand registration because it is helpful for them, too.
• Having your registration information already on file helps them fill out your order form for you, lessening the chance of typos fouling up the process.
• Because they have all this information on file, they can locate your order faster, for order tracking.
• The answers to the "optional" questions about your tastes, age, sex, other products you own, and so on, help build a demographic profile of their audience, which is very valuable for the marketing department.
• If you allow them to send you email, your profile may allow the store to tailor alerts, news bulletins, and specials so they describe products similar to what you have already bought, or in line with your profile.
For all these reasons, registration may be required before you get past the welcome page.
Often, such stores offer a guest pass allowing you to taste the benefits of membership for a few weeks, figuring you will be hooked, and sign up at the close of the free sample period. We always try the free trial.
But watch out for "automatic conversion," where you innocently agree to let the site turn your free pass into an annual fee, which just shows up on your credit card statement, without your making another move. This approach stinks. Look for a guarantee that you will have to make a positive statement that you want to become a member at the end of the trial period, or a promise not to "convert" you.
Other sites offer substantial incentives for becoming a member, without absolutely requiring that you sign up: members get lower prices, some kind of annual dividend like that offered by a cooperative supermarket, extra research, faster information (such as real-time quotes from the stock market), a newsletter, or email notification of products that you might be interested in. (This is a benefit?)
But look for a promise of privacy. At the bottom of the registration form, watch for a little button that says something like, "From time to time we like to let our members know about special bargains. Is this OK? Yes, No."
Even if you let them send you email (this is called permission email), you probably won’t get more than one notice a month.
Just to be safe, look carefully at the first email that arrives, to see how you can cancel.
If the store is decent, they will tell you how to cancel the email, right there at the top of the message.
If the store is run by weasels, and they don’t give you an easy way to cancel, then go to the site and start emailing the president until they give up and go away.
Just because they’re curious.
No, really it’s because they can tailor marketing pitches more precisely, using this demographic data. For instance, if you are 30 and play video games, they have a hunch you’ll be interested in the next Sega game console, whereas if you are 75, and interested in golf and square dancing, they won’t send you an email about the Sega, but you might hear about that great new release, Square Dancing in Old Virginia.
But isn’t this close to invading your privacy? Yes, it is. Decent sites allow you to skip these slots in their form. (Often the required information, which has to do with billing and shipping, has red asterisks next to it, or a little hand pointing to it. And the extra info is marked "Optional.") Feel free to opt out.
If they insist on knowing stuff you don’t want to reveal, leave their site and never go back. You have plenty of other places to shop on the Web. If a site insists on getting this kind of personal information without letting you opt out, you can figure they will be rude in other ways, as well.
Also, check to see if the site advertises that it follows the rules of a privacy watchdog like TRUSTe, a nonprofit group that sets standards and polices the site to make sure it follows them. For information, see http://www.truste.org.
Because their programmers are so lazy. Well, sort of.
You see, to keep your records separate from everyone else’s, they need a way to distinguish you from the other customers.
Unfortunately, many people have similar names, or the same names, so the names aren’t enough to tell one customer from another.
Also, people move so often that the address isn’t a reliable piece of evidence.
Now, an energetic programmer could simply identify you as your Name AND your Phone Number AND your Email Address AND your ZIP Code. No one else would have that combination. But, you guessed it, that is hard to program.
So the programmers fall back on a technique they learned when they used UNIX networks back in school.
Just to sign on to the network, you have to give a make-believe handle (a user name) and a password, and if those are on the list, you get access to the network. Same here.
The programmers just make sure that the user name and password combination is unique. (You may have to try several times to get a unique user name.) So far so good. Wouldn’t it be great if you could use the same user name and password everywhere? You bet.
Unfortunately, many sites require slightly different variations, so you cannot use the same password and user name everywhere. Different sites require:
• A different number of characters, minimum and maximum. For instance, at one site your user name can be 6 characters long, but at another, it must be at least 15 characters long.
• Various capitalization schemes: some uppercase letters and some lowercase letters allowed, or no uppercase allowed. (And some sites let you type with upper- and lowercase letters, then rewrite your user name entirely in lowercase letters, without warning you, and later refuse to let you enter the site if you happen to use the uppercase letters again.)
• Various combinations of text and numbers, such as at least one number and one letter in the password, no punctuation allowed.
• A user name that no one else has chosen.
As a result, trying to meet different requirements, you may end up with half a dozen user names, and as many different passwords. Who can remember all this stuff?
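The silent-lowercase problem from the list above, shown as an added example (not code from any store): one account store rewrites the user name at registration but compares it as typed at login, and the corrected one applies the same rewrite in both places. The class name, the `normalize_on_login` switch and the sample account are hypothetical.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountStore:
    """Hypothetical store-side account table keyed by user name."""

    def __init__(self, normalize_on_login: bool):
        self.normalize_on_login = normalize_on_login
        self.accounts = {}

    def register(self, user_name: str, password: str) -> bool:
        key = user_name.lower()          # the silent rewrite to lowercase
        if key in self.accounts:         # user name must be unique
            return False
        salt = os.urandom(16)
        self.accounts[key] = (salt, _hash(password, salt))
        return True

    def log_in(self, user_name: str, password: str) -> bool:
        # Faulty store: looks up the name exactly as typed.
        # Corrected store: applies the same rewrite used at registration.
        key = user_name.lower() if self.normalize_on_login else user_name
        entry = self.accounts.get(key)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, _hash(password, salt))
```

With the faulty store, a customer who registered as `LisaPrice` is refused when typing the name the same way again, and only the all-lowercase form gets in.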
We have to write the different user names and passwords down, or else we cannot get back into the sites. We have developed a list of more than 50 different name-and-password combinations, because the sites made such inconsistent demands.
Caution: Do not make up a password based on your birth year, pet names, or middle name, because if you do draw the attention of a hacker, these are too easy to guess.
Most of us forget these weird combinations after a week or so. The best sites offer a way of getting a hint (like your user name). You enter a question they can ask you when you need a hint, and you give them the correct answer. Usually the hint should be something you really can remember, like your mother’s maiden name or your email address. But even the hint doesn’t give you both halves of the security apparatus: the user name and the password. That’s why we recommend writing the combination down on a yellow sticky (if no one else can spy it), or in a file created just to keep track of all these codes.
Wouldn’t it be great if every store sent you chocolate-chip cookies just for visiting? Alas, the cookies you receive from some stores are just a bunch of electrons.
A cookie is a small file that the store sends to your browser after you register. The cookie contains the store’s name and a code identifying you, something like your Customer Identification Number.
Next time you visit the site, the site’s software asks your browser: "Do you have a cookie with our name on it?"
The browser looks on your hard disk, in the directory for temporary Internet files, and when it finds a cookie with the store’s name on it, sends that back to the store.
The store digests the cookie and discovers your Customer Identification Number (or whatever they call it).
In a few seconds, the store pulls up all your information.
You can tell that this has happened if you see a message such as "Welcome Lisa Price" at the top of the welcome page.
The store has recognized you, thanks to the cookie exchange.
From now on, if you press the Buy button, the order form comes up with almost every line filled in, because the store has drawn that from your customer record on their database.
So you give up a little hard disk space, sacrifice a little privacy, in order to avoid retyping all that stuff. And from the store’s point of view, the cookie is reassuring evidence that you are who you say you are and, in fact, you are a repeat customer, the best kind.
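The cookie exchange described above, as an added example that is not code from any store. It goes one step beyond the text: the store attaches a keyed checksum (HMAC) to the customer number, so a cookie counts as evidence only if the store itself issued it. The key, the cookie name `customer` and the customer number are constructed for the example.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed sample data: a store-side secret and one customer record.
STORE_KEY = b"constructed-demo-key"
CUSTOMERS = {"10482": {"name": "Lisa Price"}}
COOKIE_NAME = "customer"  # hypothetical cookie name


def _tag(customer_id: str) -> str:
    # Keyed checksum only the store can compute.
    return hmac.new(STORE_KEY, customer_id.encode(), hashlib.sha256).hexdigest()


def issue_cookie(customer_id: str) -> str:
    """Store, after registration: value for the Set-Cookie header."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{customer_id}.{_tag(customer_id)}"
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["secure"] = True     # send over HTTPS only
    cookie[COOKIE_NAME]["httponly"] = True   # hide from page scripts
    return cookie[COOKIE_NAME].OutputString()


def browser_returns(set_cookie_value: str) -> str:
    """Browser, next visit: send back name=value, without the attributes."""
    return set_cookie_value.split(";", 1)[0]


def recognize(cookie_header: str):
    """Store, next visit: return the customer record, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    customer_id, _, tag = jar[COOKIE_NAME].value.partition(".")
    expected = _tag(customer_id)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                          # edited or made-up cookie
    return CUSTOMERS.get(customer_id)
```

A cookie holding only the bare customer number, or one whose number was changed after issue, is not recognized.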
Shopping.com calls the cookie "a visitor’s badge that lets you move from page to page within password-protected areas of the site." (Those are the pages that deal with ordering, and they live on the secure shopping server.) They urge you not to "deactivate" their cookie. "Doing so means that your visitor’s badge cannot be read, and this will prevent you from using the site. You cannot, for instance, make any purchases without your cookie." You can see that from a store’s point of view an empty shopping cart is devastating.
• In Internet Explorer 4.0 or later, click View, then Internet Options, and click the Advanced tab. In the Cookie area, choose Disable All Cookie Use. If you just want to be notified when someone sends you a cookie, choose Prompt Before Accepting Cookies. That way you can judge the reliability of a site before accepting the cookies.
• In Netscape Navigator 4.0 or later, click Edit and Preferences, then choose Advanced, and set the options for cookies.
What? You didn’t write it down? Bad user! (Just kidding.)
The worst offender in this area is a site that asks you to type in a 16-digit number to identify yourself. They act as if you should remember this code, but I doubt that anyone can, except maybe Millie the Magnificent Memorizer.
So what can you do if you have tried, say, half a dozen variations of your user name and password, and been rejected every time?
• You may be able to have the store email you with your password and user name, sometimes in two different messages, for security. But that means waiting for a few minutes, or a few hours, to get the secret codes. Meanwhile, you may be locked out, if it is a membership site.
• If the site offers a hint based on some secret you passed along to them during registration, like your mother’s maiden name, take the hint and get your user name. At least that’s a start. Now, what the heck was the password?
• Open a new account. But, of course, because there is already an account for someone with your name and address, the store may not accept your application, deeming you a fraud, or interloper, pretending to be you. And opening a new account means typing in all that information all over again. Tedious.
Yes, there is usually some way to do this. You have to enter your user name and password, and then choose something like Edit Information, or Change User Name or Password. You make the changes, and press a button such as Save or Submit.
In organizations with heavy security, like the Central Intelligence Agency, there is a sign-in book at the door of every building and every floor, with a guard who asks you for identification; you are leaving a record of your travels through the spook house.
When programmers created the first networks, they borrowed the idea of logging in from these logbooks.
Each user had to log in, identifying himself or herself to the system, getting permission to use the network.
As far as the store is concerned, you are an unknown user arriving over the Internet. By making you log in, they force you to identify yourself. Why do they care?
Well, if you have already registered, they can bring up your customer record and pour its information into the order form as soon as you click Buy. Similarly, they can tell whether you gave them any problems on your last order, like canceling or refusing to pay.
From the store’s point of view, logging in as soon as you arrive also means that they can locate your customer information, even if you have deleted (or refused) their cookie, the little file they sent to your hard disk way back when you first registered.
Of course, if a store urges you in big letters to log in on the welcome page, they may have organized everything in two tiers: the free information, available to anyone who visits the site, and the good stuff, for which you have to register and log in. Some of the investment information services adopt this model. They tempt you with lots of market data, but force you to sign up (for a fee, or for free) to get real-time quotes or research. In cases like this, logging in is a way of making sure you pay at the gate.