Amazon web sites: They never remember my passwords
Posted by Pierre Igot in: Macintosh, TechnologyJuly 25th, 2006 • 3:55 pm
[NOTE in case you care: I was on vacation for a couple of weeks, hence the lack of activity on this blog.]
This is something that has been bugging me for a long time. I am a regular customer at various Amazon web sites, including Amazon.com, Amazon.ca, Amazon.fr, and Amazon.co.uk.
Because I was an early adopter for most of these web sites, I have a different user ID and password for each. (Amazon implemented some kind of international integration later on, with a unified user ID and password for all sites, but by that time I already had established wish lists on each site, so I never bothered to switch. Besides, I don’t think the unified system supports all four stores.)
The problem is that, for some reason, the Amazon web sites never seem to remember my passwords from one shopping session to the next.
Now, I should qualify this. When an Amazon store requires my password, it takes me to its “Sign In” page, and on this page the user ID (my e-mail address) is usually filled in automatically. On the other hand, the password field next radio button on this “Sign In” page is only filled in automatically very rarely, i.e. typically when I just visited the store not long ago and I am returning for more shopping, without having quit Safari or restarted my machine or anything like that.
In my Safari preferences, the option to automatically save user ID and password information is checked, and Safari does ask me if I want it to remember the user ID and password when I fill in the fields on Amazon’s “Sign In” page. I always indicate that yes, I do want Safari to remember the information and fill it in automatically the next time I visit the site.
The problem is that, most of the time, it fails to do so. The user ID field is automatically filled in, but I have to type the password again. (Since I use many different passwords that are all stored in one main password database encrypted and protected by a master password, this means that I have to launch my password database application and look the password up.)
Why does this happen? More specifically, why does this always happen with Amazon’s web sites, and not with other web sites where I have to log in?
Clearly it is not an obvious incompatibility between Safari and Amazon’s sites, because the AutoFill feature does work sometimes. It just doesn’t work reliably.
My suspicion is that it might have to do with the fact that Amazon typically uses rather crufty URLs for its pages. So maybe from one session to the next, the URL to the “Sign In” page changes, and this causes Safari to fail to auto-fill the password. But if Safari’s AutoFill feature is designed to work on a site-wide basis, this doesn’t explain the problem.
It also doesn’t explain why the user ID field does get filled in, but not the password field. Maybe it is because the user ID field is automatically filled in by the Amazon web site before the page is even loaded by Safari. The Amazon web sites use cookies to automatically identify you when you visit the site, even before you sign in with your password. So obviously it already knows who you are, and that personal identification probably already includes the e-mail address, which is used as the user ID.
Whatever the cause is, I find it rather strange that it only affects Amazon’s sites, and not any of the other sites that I visit/use and require login information. Surely there are enough Safari users among Amazon’s huge customer base to force Amazon to make sure that its sites work well with Apple’s browser…
On the other hand, after all these years, I still haven’t bothered to submit a report about this to Amazon via their feedback page—so I suspect that many users are like me and just resigned to the fact that they have to type their password again and again. (Mac OS X itself requires you to type it again and again even if you are a user with admin privileges, so clearly Mac OS X users are used to this.)
It’s no big deal, but I am still wondering what the actual cause of the problem is.
July 25th, 2006 at Jul 25, 06 | 6:07 pm
That’s odd. I don’t think I’ve ever had to fill in my password on Amazon on my own computer since I initially went there. Then again, I only go to the US-based Amazon.com, so I wouldn’t have any potential top-level domain conflicts (.ca, .fr and such). And as far as I know, every page on Amazon uses the same root domain of http://www.amazon.com (or .ca, or .fr…) so that shouldn’t make a difference.
The only thing I can think of is to consolidate your accounts into one location, which should give you access to every piece of merchandise anyway, then clear the auto-fill form in Safari’s preferences and re-enter your login and password. After that, if you have cookies on and if you only use the one local domain, it should remember your login information every time.
OS X asks you for your admin password at times because even though you’re an administrator, you’re not running as root, so you still need to grant it temporary root access. Compare this with Windows, in which the first admin account automatically has access to everything, and any other account needs to be granted system-wide root access to do anything administrative. It’s a matter of better security and protection against doing something stupid, as well as preventing unauthorized users from doing stuff they shouldn’t.
July 26th, 2006 at Jul 26, 06 | 8:16 am
Like I said, if I consolidated my accounts, I would lose some of my wish lists. It’s not a huge problem, but it’s an annoyance. I might do it some day.
I am also aware of the fact that Mac OS X’s requests for the admin password even when you’re logged in as admin are a precautionary approach. I just find it rather crude and occasionally annoying as an approach to this particular problem. Asking for my admin password again makes me feel like I am not an admin and like I don’t know what I am doing. When you do know what you’re doing, these password requests simply get in the way.
I know we’re all human and we all make mistakes, but maybe we don’t need to be reminded of that so often. To me, these requests for passwords simply feel like the GUI equivalent of the sudo command, and not like a really well thought-out approach to security issues.
I am not saying I have a miracle solution here. I just feel that there is room for improvement.