There's something wrong with whoever does site security for T. Rowe Price. Not because my account's been compromised or anything like that. It's just a little... off.
See, when I restart my browser and go to their site, my user name is already entered in. Presumably, they put a cookie on my computer for that purpose. However, my user name is mostly asterisked out (so, if it was "someusername," it would show up on the first login page as "*********ame"). Presumably, a security measure to prevent someone from finding out my user name if they use the computer after me, or something like that. Fine so far.
They split up the login process. User name on one page, password on the next. Thing is, the page where I enter my password has my user name. It's not asterisked out, there.*
Look, guys, I understand you want to make your investors think your site is secure. But - and this is kind of important - if there's something you think shouldn't be visible to the next person on the computer, don't make it so they can just hit "continue" to see it. I shouldn't have to tell you this.
Luckily, I don't give a crap if someone happens to see my user name. I trust that both a) my password's odd enough that someone who can't figure out my user name isn't going to come close to getting my password and b) a few grand in an IRA really isn't worth anyone risking federal charges for anyway.
I'm just asking for a little consistency.
*Hilariously, if I'm already logged in, my preferences page also asterisks out some of my user name. All of it but the first four characters - instead of all of it but the last three characters as on the login screen.** If I click to change my user name, of course, it happily displays the whole thing again.
** My full name, address, phone number, date of birth, and last four digits of my SSN, on the other hand? Those apparently aren't as important to hide in my preferences as my user name. What?