Yesterday, I need to log-in to my web host. I lease space on my web-host's servers to provide web-sites for myself and a number of other people. My web-host is a very progressive, highly-skilled and innovative company. They provide multi-factor authentication, a method for protecting my account from unauthorized persons. In short, I need my password and my phone to log-in.
I changed phones recently, losing one of the two-factors I needed to log-in. To account for this inevitability, the service provides never-expiring back-up codes to use. I had already logged-in previously using these codes (since changing my phone), so I only had three left.
I decided to use the link they provided on the log-in page to reset my multi-factor authentication.
I clicked it, I was asked to reset my password via a link sent to the e-mail associated with the account. That's a perfectly reasonable request, so I did so. It asked me for a multi-factor authentication code to complete that request, so I used one of the three I had left.
I knew my password, I didn't really want to change it, but that's on me. I changed it, submitted one of the three codes I had, was told the change was successful, and then was directed to log-in to my account.
When I went back to log-in to the account, they required a multi-factor authentication code to complete the log-in. I used one of the two I had left, that failed.
The only option I had left was to try the whole process again, and that used up my last code.
I was now locked-out of my account because I followed their instructions.
I started looking on the web-site and wiki for a phone number. There isn't one.
I went to submit a lost password ticket off of their website. In order to authenticate the ticket, I had to provide the first and last four for my credit card.
I have six credit/debit cards, and a paypal account. I have been paying by paypal, but I knew I had used one of my cards with them, but I didn't know which. I had to submit six tickets in order to make sure at least one of them would match up.
Four hours later I got an e-mail from them admonishing me for submitting multiple tickets on the same issue.
That was the line they crossed. I was doing what they asked me to do to the best of my ability.
I previously loved and admired this company to the extent that one can "love and admire" a company. I have sent them many customers, tested their new systems, and have been an unpaid technical evangelist for them for a long, long time.
Today, I begin the lengthy and sad process of moving to another, probably less-capable, web-host.
Why? I need a web-host with a phone number. It's that simple. I need that connection. It's 2015, not 2050. Web-services are not reliable break-glass procedures for unique and unanticipated customer problems.
Their re-set procedures churned through my back-up codes and did not work. I needed to call them and tell them that.
They don't want to let me.
I know the underlying strategy here is to maximize efficiency. I provide technical support in my job. Most requests are best handled over e-mail. But, everyone has my phone number. For the hundreds of dollars a year I was paying them, they can give me one too.
