Jan 042014
 

This morning, I booked some flights with Ryanair on behalf of my parents, who don’t feel confident enough with computers and the internet to do this sort of thing themselves.

This is something I’ve done many, many times for them (and I’ve occasionally booked flights for myself with Ryanair, as well) so I’ve been using their website for donkey’s years. I’ve seen it change from time to time, and I’ve often cursed at it (and the company themselves) for making it so damned annoying, insisting that I say at the booking stage that I don’t want to add this, that, or the other – then having to do so again when dealing with the online check-in, and so on.

And then there is this annoying habit of putting an advertisment on the boarding pass/ticket, which passengers have to print out themselves – so they are expecting passengers (or those dealing with the booking) to waste their toner or ink printing adverts for them!*

So, with today’s booking, I’m pleased to see that the site has improved a great deal – it’s now much quicker to make a booking and, I hope, the same will be true of the online check-in when it’s time to deal with that.

However, when I say it’s now much quicker to make a booking, what I really mean is that I found it much quicker to make a booking on my second attempt, because the first attempt went wrong but the website didn’t make it clear to me that it had done so – indeed, it made it seem as though everything was fine, right up until the point that I had entered payment details, and it presented me with a blank-ish page instead of confirmation that payment had been taken and the flights were booked.

Without that confirmation on screen, and with no email appearing in my mailbox (nor filtered out as spam – I checked the mail server), I wasn’t able to say that the booking had definitely been made. However, because it had taken me through the point where I’d entered and submitted payment details, I wasn’t prepared to go through the booking process again, just in case that payment was going to be taken from the credit card. If it was my card, I could have checked my account online – but this was my step-father’s card, and he doesn’t have online access set up for it.

So, this is the website fail – or the start of it – but I’ll come back to this, and first deal with the telephone support fail.

Because we couldn’t be sure either way as to whether or not that booking was made (and if it was, we needed the booking reference) we decided to ring Ryanair to see if they could confirm whether it had gone through and, if so, if they could send out the confirmation email.

After a several minute wait (thankfully, “only” at 10 pence per minute) I got through to an operator. As the call progressed, there was a significant amount of interference on the line, making it difficult for me to hear what the woman was saying, which prolonged the conversation as I kept asking her to repeat things, and increased my frustration – but main gist of things went like this:

I opened the conversation by saying that I had just tried to make a booking on the website, and that after entering the payment details, I was presented with a more-or-less blank screen, which didn’t confirm that the booking was complete, and that I had also not received a confirmation email.

The woman on the other end asked for my name (though, arguably naughtily, I actually gave my step-father’s name, since the booking was in his name and using his card. No need to confuse her!) and then the credit card number, to check it on their systems and see if a transaction was recorded for it. I pointed out that it would make more sense to take the details of the flights I had just tried to book, and search for that in conjunction with the name – or, perhaps, the email address I’d used – but, no, she insisted on the card number. I caved, and gave it.

After a moment, she asked me for the email address I’d used to make the booking, which I gave her.

She asked me to confirm the email address I’d just given her was the right one. I did.

She asked me if I used another email address to make the booking. I said no; the email address I’d given her was the only one I’ve ever used to make bookings with Ryanair.

She asked me if I was sure I’d used that email address – which I was, repeating that it’s the only address I ever used for Ryanair.

She asked me if I’d logged into my account, or created one when making the booking (which is a new feature of the site since the last time I used it, and something I’ll come back to below). I told her that I’d created an account while making the booking.

And did I use the same address for that, or a separate one? The same one.

The conversation went back a few questions: Could I again give her the email address I’d used to make the booking. I did, followed by confirming – again – that I definitely used that address, and not a different one.

Eventually, she told me that she couldn’t give me the details of the booking, because the email address I’d given her didn’t match the one that had been used to make it! Now, confusion over the email address aside, that sounds to me like the booking had been made – although, bear in mind she’d refused to take the dates of the flights off me.

I concluded (and therefore suggested) that perhaps I’d made a typo when entering the address (although I’d typed the address in  four times – which I’ll explain below when discussing the website fail – so was very unlikely). No, she said, it doesn’t look like a typo; it’s a completely different email address, and that’s why I hadn’t received a confirmation (with no explanation of the blank-ish page on the website, rather than the usual confirmation there).

Getting somewhat annoyed now, I strongly suggested that perhaps there was something wrong with their new website/booking system if it was associating the wrong email address with a booking (and, I therefore presumed, sending that confirmation to someone else entirely) – given the lack of a confirmation on the website after making the booking, that there might be a fault with the site doesn’t seem an unreasonable conclusion.

She defended her employers, saying the system is fine (except it clearly isn’t – see below; it’s just that the problem isn’t what I was effectively suggesting here).

Somewhere around now, she mentioned the dates (well, the month) of the flights, which under the circumstances she probably shouldn’t have done. The month she gave was January – the flights I was trying to book were in May.

My parents do have flights booked, with Ryanair, in January – but I didn’t make the booking for them; one of my brothers did. By looking for the card, she’d found that booking. Now we were getting somewhere.

Having now established that those weren’t the flights in question, she took the dates of the flights I’d tried to book, and was able to confirm that booking hadn’t happened.

The dates of the flights that I’d tried to give her much closer to the start of the call – information she (or the script she was following) didn’t want to take. Although it’s only a 10pence per minute call, that was a lot of minutes – not to mention 10 pences – that could, and should, have been shaved off the call.

That’s a telephone support FAIL.

The outcome of that call, though, was that we now knew that the booking hadn’t been made, in which case it was okay to go back to the website and go through the process again.

This time, everything went smoothly, and the flights were booked – which is what should have happened the first time.

What did I do differently?

When I tried to make the booking the first time and got to the point where it asked me to set up an account, the form didn’t specify what type of characters I could and couldn’t use for the password. As I usually do, I made up a new – i.e. never used before – password, which contained a mixture of letters, numbers, and other characters.

This time, I dropped those other characters.

I did, at first, neglect to use mixed-case, and was prompted with an error telling me that “Your password did not meet our criteria. Please note that the password must be at least 8 characters, Passwords must include at least one uppercase letter and one numeric character.”

So there’s the password specification – and if what you enter doesn’t fit that specification, it gives you an error.

Every time?

No.

That’s what I think went wrong the first time; I’d used a couple of non-alphanumeric characters in the password. It didn’t give me an error – but it also didn’t accept that password; instead, it seemed to let me carry on as if it had, and, as we’ve already seen, didn’t actually make the booking.

I can test that now.

This is the form presented to a user to set up the form as part of the booking process (I’ve selected some flights in order to get to this stage):

The form for setting up an account on the Ryanair website

The form for setting up an account on the Ryanair website

As you can see, I’ve blocked out the email address I’ve used – and for the security question (one of three options, which is a really crap choice) I can assure you that my first pet was NOT called Penthouse – but what a great name that would be for a pet!

The password I’ve entered in this case is ALL lower case, and only letters. If I click “CONTINUE” it gives the warning quoted above, as it should:

Ryanair's error message telling the user that the password doesn't meet their criteria

Ryanair’s error message telling the user that the password doesn’t meet their criteria

Clicking “OK” takes me back to the form, so that I can try again – and in this test, just changing it so that it was all lower case and with one numeric digit (so still invalid according to their specification, which says there must also be one uppercase letter) I found myself on the next page, with no error message. However, the account hasn’t been set up judging by the lack of an email confirmation (which I did receive when I set up the real account while making the second attempt at the real booking!)

So, in some circumstances, it’s possible to enter an invalid password at the account set-up stage, and the system won’t accept it – but doesn’t tell the user, while allowing them to carry on unaware of that fact, and not actually acting on the booking they are trying to make.

As an aside, now that I know what’s going on, there is a clue here that it hasn’t worked.

This next page asks that the email address be entered (twice). When the account is set up, if Ryanair’s site has accepted it, the email address will be filled in – if the two email address fields aren’t filled in, therefore, the account hasn’t been set up. That’s why I had entered the email address four times this morning, and why I was therefore entirely confident that I hadn’t made a typo: I’d typed in an address I’ve been using for Ryanair for many years four times; twice on the account set up form, and twice on this next page! (In fact, I’d actually commented to my step-father about that very thing – saying that it’s a bit silly making me enter the email address twice to set up the account, then asking me to enter it twice again!)

However, without knowing in advance why the email address had to be entered again, its worth as a clue is somewhat diminished!

Back to the password, though.

Further testing shows that repeated attempts to use all lowercase and no numeric digits – or all uppercase and no numeric digits – will trigger the error. A repeat attempt, but adding one or more numeric digits to an all uppercase or all lowercase password, will not trigger the error, but will not create the account. This will presumably lead to the same situation I encountered this morning, when it seemed to proceed with the booking, but didn’t actually complete it, and didn’t make that entirely obvious.

I have also been able to create an account using a password consisting of upper and lowercase letters, number digits AND non-alphanumeric digits – where the latter were mid-way through the password. I couldn’t then log-in using Firefox, but could using Internet Explorer.

Using the same failed password as my first attempt this morning, when I was trying to make the real booking for my parents, neither browser created the account – and in neither case was I presented with an error, and – as originally – I found myself in the position where I could seemingly proceed with the booking.

So, on the face of it, the underlying code that checks the validity of passwords when setting up a new account is faulty.

That’s a website FAIL.

While carrying out these tests on my computer, I’ve noticed that there is a pop-up message when entering the password, informing me that it must be at least 8 characters long and include at least one upper and one lowercase letter, and one numeric digit. I didn’t notice that this morning – why?

Ryanair's password specification

Ryanair’s password specification

The answer is that pop-up only appears when the mouse pointer is over the Password field, and it’s entirely possible to fill in this form without the mouse pointer ever being over that field, if you simply click in the first field (which is the email address field) and then use the tab key to move to the next field after entering whatever is needed, and so on.

In other words, this form is designed on the assumption that all users type data into one field, then use the mouse to move to the next field, then the next, etc. Fail again, I think.

* I don’t. I edit the boarding pass to remove the adverts, leaving everything else intact. I’m not wasting my toner on their adverts.

VinceH