New student loan site



  • The Federal student loan website where I make my payments recently changed. The old one, while basic, worked well and I never had issues with it. The new one is awful from a user experience standpoint.

    Anyway, for the old system I logged in by typing my SSN, birthdate, last name, and a 4-digit pin. Worked every time.

    For the new system, first I have to find out what the website is because they changed the domain. Not only that, but it seems there are several domains/sites for slightly different purposes. If I want to pay on my own behalf, that's one site, if I want to pay on someone else's behalf, that's a different site, if I want to view loan history, that's yet another one. I don't remember anything about it since I've only made one payment so far on the new system. I logged into my email to check the "Your monthly statement is available" email from them and it doesn't tell you where to go, but it does give you a "Click Here" link to send you to the login form. Except someone forgot to make "Click Here" a hyperlink.

    I dug through my browser history to see where I went last month and found the site. Naturally, when I signed up for a username their rules excluded all of my normal usernames/handles and I couldn't remember what I used, so I went through the "Forgot your username?" process. I had to answer a bunch of security questions and everything was okay, except I had to double-click the "Submit" button. The first click apparently triggers some kind of client-side validation because a green check appeared next to each form after that first click. The second click submitted it and they emailed me my username. TRWTF in this step is that I had to use a username, would have been much easier to just use my email address as the login.

    Okay, got my username. I tried logging in again and couldn't remember my password. Makes sense since I never write down passwords and I've only logged in once before. That shouldn't have been a big deal, while I typically don't re-use passwords except for forum sites and such where it's not too important, I do use a pattern to generate passwords that I can easily figure out. If I can't remember what the password for a site is, I just go through the pattern and I'll usually find it within 5 tries.

    After three tries it locked my account. There were no details on how to get my account unlocked, so I guess I have to call someone. But first I decided to try the "Forgot your password?" link. It sends me to the same form I used to recover my username. I filled everything in and click (twice) "Submit". And was immediately presented with a page telling me an unexpected error has occurred and to try again. No amount of trying again works, I just get the error page.

    So if I fall behind on my student loan payments, do you think "Your system is total crap and prevented me from making payments" is a valid excuse? Yeah, I'm partially the WTF for not remembering my login info, but they sure make things difficult.

    (Say what you will about the wisdom of getting private student loans, but the private institution I used for the other half of my student loans has an easy-to-use and stable web platform for making payments. I've never had any issues at all over there.)



  • My student loans are paid off, but my wife is still making payments on hers every month, so I know exactly what you're talking about.  The old site was pretty simple, appeared to be very secure, and worked every time.

    The new system is utter garbage.  It follows the [url=http://thedailywtf.com/Articles/WishItWas-TwoFactor-.aspx]Wish-It-Was[/url] Multi-Factor paradigm, in fact it's the same security theater system my credit union recently adopted.  As part of the "secure experience" you are required to do the following:

    1. choose a password that meets their strict guidelines
    2. choose 3 (or was it 5) security questions and answer them (or as I call them, your less-secure, easy-to-figure-out secondary passwords that can be used to gain access to your real password, should you forget it)
    3. choose a "security picture" from a set of about 8 (WTF?)
    4. choose a "security phrase" from a set of about 8, or write your own (WTF?)

    With my credit union's online banking, I have to say I am on a "private computer" if I don't want to be subjected to their login process again next time:

    1. enter my password
    2. answer my security questions (not only used to access forgotten passwords, but required for login)
    3. identify my security picture
    4. identify my security phrase
    5. get it all right in three tries, or my account is locked

    I'm not sure if the federal student loan site works the same way, since we haven't tried to log in from a new computer yet.

    @mott555 said:

    So if I fall behind on my student loan payments
    If you can, set up automatic payments.  IIRC, they lower your interest rate as an incentive to do this.

    @mott555 said:

    ...the private institution I used for the other half of my student loans has an easy-to-use and stable web platform for making payments.
    I'm sure it varies.  The private institution my wife used for her other student loans apparently employs nothing but nitwits.  Their site is just as messed up as the new federal site (for different reasons - do I really need to verify that my email and street address haven't changed [i]every fucking time I log in?[/i]), and when my wife called to set up automatic payments, they couldn't figure out how to set up monthly or semi-monthly payments.  Instead, we have 5 separate payments on 3 separate days (yes, figure that out).



  • @mott555 said:

    TRWTF in this step is that I had to use a username, would have been much easier to just use my email address as the login.

    I loathe sites that use your email address as your login. People's email addresses can change, and that just gets ugly. Does your login now change? Ick. Email address and login should be two separate things. If the user wants to provide the same value for both, that's his business, but the site should keep them as separate concepts.



  • @mott555 said:

    So if I fall behind on my student loan payments, do you think "Your system is total crap and prevented me from making payments" is a valid excuse? Yeah, I'm partially the WTF for not remembering my login info, but they sure make things difficult.

    That's worked for me on my car payments, but that was a slightly different issue where it looked like I had finished, but there was a tiny "submit" button waaay at the bottom of the page below the fold, and no kind of "hey you aren't finished yet!" message at the time. Still a poorly-designed site, still a site that had changed from a simpler, easier one, but not as obviously broken.



  • @blakeyrat said:

    ...there was a tiny "submit" button waaay at the bottom of the page below the fold, and no kind of "hey you aren't finished yet!" message at the time.
    I hate sites that do this.  Worse yet when you click a "Submit" button, thinking it means you submitted your payment, when really it just means you submitted your agreement to their terms and conditions, and the next page has a "Submit Payment" button.

    I always make a point to keep going until I see a "You finished our way-too-fucking-complicated payment process (Good for you!) your confirmation number is..."



  • @boog said:

    I'm not sure if the federal student loan site works the same way, since we haven't tried to log in from a new computer yet.
     

    It makes you answer a security question if you're on a "new" machine. Its definition of "new" is unclear to me, since my desktop machine at home is always a "new" machine regardless of how many times I've used it to login to this site.



  • @Someone You Know said:

    It makes you answer a security question if you're on a "new" machine. Its definition of "new" is unclear to me, since my desktop machine at home is always a "new" machine regardless of how many times I've used it to login to this site.


    IP address? Or do you have a static IP at home?



  • @boog said:

    2.  choose 3 (or was it 5) security questions and answer them (or as I call them, your less-secure, easy-to-figure-out secondary passwords that can be used to gain access to your real password, should you forget it)

    What the heck is with those anyway? What is the theoretical logic behind them? That somehow only you know your mother's maiden name, your school mascot, and the street you grew up on? Has anyone who has built these things ever heard of, uh, what's it called... the INTERNET?

    And it's especially bad for me, because my mother's maiden name is my first name! (Fortunately, I am a skilled liar, and they believe me when I tell them that I grew up on Ogeiuoiqd Street, which is down the road from Grandpa Whufhqqqa's house.)



  • @jverd said:

    I loathe sites that use your email address as your login. People's email addresses can change, and that just gets ugly. Does your login now change?
    Sure, why not?  Best would be being able to use both to log in. 

     

    @Xyro said:

    (Fortunately, I am a skilled liar, and they believe me when I tell them that I grew up on Ogeiuoiqd Street, which is down the road from Grandpa Whufhqqqa's house.)

    /me hacks Xyro's accounts

     

    BTW, was this direct.ed.gov?



  • @Xyro said:

    (Fortunately, I am a skilled liar, and they believe me when I tell them that I grew up on Ogeiuoiqd Street, which is down the road from Grandpa Whufhqqqa's house.)

    Liar? Or Qwghlmian?



  • @Sutherlands said:

    @jverd said:
    I loathe sites that use your email address as your login. People's email addresses can change, and that just gets ugly. Does your login now change?
    Sure, why not?  Best would be being able to use both to log in.
    The website I use to make my motorcycle payments works that way. I think I like that best. I have several usernames I might use, but important stuff all ties to a single personal email account that's not going to change.

    @Sutherlands said:

    BTW, was this direct.ed.gov?
    Yes.

     



  • @Sutherlands said:

    @jverd said:

    I loathe sites that use your email address as your login. People's email addresses can change, and that just gets ugly. Does your login now change?
    Sure, why not?  Best would be being able to use both to log in. 

    I could live with that I guess, although it's not totally unreasonable that at some sites you might have multiple user accounts tied to the same email, with different login names. This scheme wouldn't work in those situations, or at least would require special handling when you try to log in using an email address that's tied to multiple accounts.

    I think much of my hatred of email-as-the-one-and-only-login comes from working as a developer on such sites. (In both cases where it happened, that decision was made and implemented before I joined.) Much of the system considered the "login" to be an immutable property of the account. This caused headaches when somebody had the radical idea to allow users to, GASP, change their email address.



  •  Yeah, I've NEVER been able to log into the new site. I always get "Unexpected Error".

    Fortunately, my auto-payment is still working through this transition, so it's not a high-priority item for me...



  • @pjt33 said:

    @Someone You Know said:

    It makes you answer a security question if you're on a "new" machine. Its definition of "new" is unclear to me, since my desktop machine at home is always a "new" machine regardless of how many times I've used it to login to this site.

    IP address? Or do you have a static IP at home?
     

    That would seem a likely explanation. What makes me doubt it is the fact that other sites that do stuff like this (e.g., my bank, Facebook) have not detected this computer as a "new" machine on the same schedule. But it's possible those other sites are using a different method of detecting my machine that I'm unaware of.

     


  • :belt_onion:

    @boog said:

    If you can, set up automatic payments.  IIRC, they lower your interest rate as an incentive to do this.
     

    This is true. But your mileage may vary. One of my loan servicers offers a 2.5 point reduction (!!!) as an incentive. The other offers a... 0.25 point reduction.

    Don't get me wrong, I took it; you should always take an interest rate reduction. But it results in a savings of 20 cents or so a month; since it has the higher interest rate, I'm going to be paying it off more quickly, and I think by the time I'm done, I'll have saved enough to buy a soda.



  • @heterodox said:

     I think by the time I'm done, I'll have saved enough to buy a soda.

    But it will be a tasty soda, filled with happiness and rainbows



  • @jverd said:

    it's not totally unreasonable that at some sites you might have multiple user accounts tied to the same email, with different login names. This scheme wouldn't work in those situations, or at least would require special handling when you try to log in using an email address that's tied to multiple accounts.
     

    When I decided to start paying the majority of my bills through the payees' websites instead of through my bank's sometimes funky Bill Pay feature (if you pay your ExxonMobil card from ExxonMobil, it registers right away that you've made a payment instead of three days later) I ran into a lovely little quirk of corporate America:  your user id has to be unique.  Not just unique for that payee, but for any other whose credit card is issued by the same bank.  This means that I had to have a different user id for Citgo, Sam's Club, Valero, Radio Shack and Goodyear.

    On the up side, I hope this means I have five companies instead of just one reporting to the credit bureaus that I'm being a good boy and paying all my bills on time.



  • @serguey123 said:

    @heterodox said:

     I think by the time I'm done, I'll have saved enough to buy a soda.

    But it will be a tasty soda, filled with happiness and rainbows

     



  • Darn, here I was hopng for a topic about how to get someone to loan me a student [aka unpaid internship]



  • @Sutherlands said:

    @jverd said:

    I loathe sites that use your email address as your login. People's email addresses can change, and that just gets ugly. Does your login now change?
    Sure, why not?

    Because sometimes email addresses get recycled. I once got an email address that was [moderately common first name]@[soon to be popular email provider].com. They were free at the time, so I got it just because I could. A few years later they started charging, and I didn't want to pay for an address I wasn't using very often, so I didn't bother signing up. Years later I discovered that someone else had taken over the address. If I had previously signed up for the loan site, and then the new owner of the address did, too, it wouldn't work. Probably not a common scenario, but not entirely out of the realm of possibility.



  • @dcardani said:

    Because sometimes email addresses get recycled. I once got an email address that was [moderately common first name]@[soon to be popular email provider].com. They were free at the time, so I got it just because I could. A few years later they started charging, and I didn't want to pay for an address I wasn't using very often, so I didn't bother signing up. Years later I discovered that someone else had taken over the address. If I had previously signed up for the loan site, and then the new owner of the address did, too, it wouldn't work. Probably not a common scenario, but not entirely out of the realm of possibility.

    What, you mean they couldn't just hit "Forgot Password", then guess the answers to your security questions and get into your bank account? :)



  • @dcardani said:

    [...] Because sometimes email addresses get recycled. [...]

    Furthermore, if you use your company's email address, that can change, too. My company recently changed its name, and along with it its primary domain and all its email addresses. (It actually wasn't as painful as some people thought, but I think that's because there were a few individuals who really pulled things together behind the scenes.) Everyone once in a while, I have to use the old email address to login to some of our third-party services. Most all of them allow it to be changed, fortunately.

    Of course, why you'd use a company address for this type of business I have no idea.



  • @jverd said:

    I think much of my hatred of email-as-the-one-and-only-login comes from working as a developer on such sites. (In both cases where it happened, that decision was made and implemented before I joined.) Much of the system considered the "login" to be an immutable property of the account. This caused headaches when somebody had the radical idea to allow users to, GASP, change their email address.


    One project I worked on allowed you to change your username. Of course, I only discovered this when, in the process of normalising the two distinct tables of users, I was informed that there is an offline process which relies on the surrogate key of one of the user tables, and I asked why it didn't use the obvious natural key.



  • Oh, it just got even better. I called their customer support line to see about getting my account unlocked and/or make a payment by phone, and I get answered by a machine telling me there is a problem and they are currently unable to take calls.



  • @mott555 said:

    Oh, it just got even better. I called their customer support line to see about getting my account unlocked and/or make a payment by phone, and I get answered by a machine telling me there is a problem and they are currently unable to take calls.

    ...but if you'll provide your username, they'll PM you a solution on the site.



  • Is your student loan website ACS-Education? Wells Fargo sold my student loans to these retards, and I have been frustrated ever since. Their website is routinely down and having issues, and I could write a book on all the WTFs in their system (for example I accidentally gave them the wrong bank account # when I changed banks, and I got a month of payment free because their system didn't recognize that the payment was rejected).



  • @mott555 said:

    @Sutherlands said:

    BTW, was this direct.ed.gov?
    Yes.

    @KallDrexx said:

    Is your student loan website ACS-Education?



  • @KallDrexx said:

    Is your student loan website ACS-Education?

    I set up automated payments with ACS on a loan I was repaying quarterly. Got a confirmation thing that the auto-payments were set up. 

    Months and months later I got a call from a collections agency asking when I was going to make a payment on this. 

    Logged in to the ACS website. Automatic payments are still listed as active, but no payment has been made at all. All I could get out of them was that it was some kind of "internal clerical error". 

    So, which is the greatest WTF here?

    1. ACS telling me autopayments are active when they're not

    2. ACS sending me to collections without contacting me in any way

    3. Me not noticing that none of the money was taken from my account



  • @Someone You Know said:

    @KallDrexx said:

    Is your student loan website ACS-Education?

    I set up automated payments with ACS on a loan I was repaying quarterly. Got a confirmation thing that the auto-payments were set up. 

    Months and months later I got a call from a collections agency asking when I was going to make a payment on this. 

    Logged in to the ACS website. Automatic payments are still listed as active, but no payment has been made at all. All I could get out of them was that it was some kind of "internal clerical error". 

    So, which is the greatest WTF here?

    1. ACS telling me autopayments are active when they're not

    2. ACS sending me to collections without contacting me in any way

    3. Me not noticing that none of the money was taken from my account

     

    Almost the same thing happened with my ISP. They didn't stick a collections agency on me though, but I did get a $10 late fee since their autopay never billed me.

     



  • @Someone You Know said:

    2. ACS sending me to collections without contacting me in any way

    Seems almost like standard procedure these days.

    My fiancee's doctor's office's somehow managed to open up multiple accounts in her name, and they'd chose one seemingly at random to bill for each visit and procedure. Since she was making the monthly payments (because health insurance sucks x1000 - a communal WTF for another day), she didn't realize that other accounts in her name were being neglected. Then one day out out of the black, a collector comes calling. Not only that, but the collector claimed that they'd be trying to get in touch with her for months. Dirtbag liars.

    Ugh, I hope this doesn't hurt our credit score.

    ...It probably does.



  • @Xyro said:

    My fiancee's doctor's office's somehow managed to open up multiple accounts in her name, and they'd chose one seemingly at random to bill for each visit and procedure.
     

    This sort of thing used to happen to my father all the time when I was a kid. His name is fairly common in the part of the world where we lived, and through some bizarre coincidence there was a guy with the same name living at a similar address — same number, same street name, different kind of street, like 123 Center Street vs. 123 Center Road. This other guy had all kinds of medical problems and kept running up bills for their treatments, and any time my father went to the same hospital for anything, he'd get accosted by people demanding he pay for all these things. This didn't stop until well after one or more of the other guy's medical problems took him out.



  • @Xyro said:

    My fiancee's doctor's office's somehow managed to open up multiple accounts in her name, and they'd chose one seemingly at random to bill for each visit and procedure.
     

    I had that with Macy's.  For some reason when I signed up for some kind of "rewards" program they opened up a second store credit card account instead of attaching it to the one I already had.  And then every time I paid the bill it somehow got credited to the wrong account, with the result that the following month I'd get one bill telling me I had a credit balance and another one tacking a whopping "late fee" onto the one I'd tried to pay the month before.



  • @Someone You Know said:

    This didn't stop until well after one or more of the other guy's medical problems took him out.
     

    I expected that would compound the problem:

    "Sorry sir, we can't treat you because according to my files, you're dead!"

     

    ---

    "Why am I not insured?"

    "Oh, we thought you were dead."



  • @dhromed said:

    I expected that would compound the problem:

    "Sorry sir, we can't treat you because according to my files, you're dead!"


    The hospital didn't know he was dead until several months after his demise. I don't know how and where he died, so I don't know how much of a WTF that was.

     


Log in to reply