What Do I Need?
Where Do I Find a Store?
How Do I Find a Product?
How do I get Help?
How Do I Order?
When will I get my Package?
What about Returns?
Where Can I Go to Solve Problems?
Does the Store Want Me to Register and Log In?
Is registration, or membership, primarily a
convenience for the store, or for me?
If I register or become a member, will I be deluged with junk mail?
Why does the store want to know about my tastes, interests, age, and
Why do I have to create a user name and password?
Why are they sending me cookies?
What if I forget my user name or password?
Can I change my account information?
What is this log-in stuff?
Is registration, or membership,
primarily a convenience for the store, or for me?
Often, when you reach a store, you are invited to "log in," meaning to
identify yourself, using a made-up user name and a password.
And if you do not already have a user name and password, the store may nudge you,
subtly or not, to register, or "become a member."
On these sites, you see buttons taking you to areas with names like My Account,
Registration, My Profile.
So whats in it for you?
You do get some benefits from registering:
Once you register, you have given them your billing and shipping address, and
perhaps even your credit card information, so when you come to purchase something, you may
not have to retype all that. Nice.
If you start shopping and leave the site before making a purchase, and then come
back, the items will probably still be in your shopping cart, because the store recognizes
you and saves your shopping cart hoping you will continue. Non-members lose whatever they
put in their carts.
You may be offered a chance to do what Amazon calls 1-Click Shopping. You click
a button and the system applies all your membership information, including your shipping
address and credit card, so that you do not have to do anything more than click to make
the purchase. Dangerously tempting!
Of course, the stores suggest or demand registration because it is helpful for them,
Having your registration information already on file helps them fill out your
order form for you, lessening the chance of typos fouling up the process.
Because they have all this information on file, they can locate your order
faster, for order tracking.
The answers to the "optional" questions about your tastes, age, sex,
other products you own, and so on, help build a demographic profile of their audience,
which is very valuable for the marketing department.
If you allow them to send you email, your profile may allow the store to tailor
alerts, news bulletins, and specials so they describe products similar to what you have
already bought, or in line with your profile.
For all these reasons, registration may be required before you get past the welcome
Often, such stores offer a guest pass allowing you to taste the benefits of membership
for a few weeks, figuring you will be hooked, and sign up at the close of the free sample
period. We always try the free trial.
But watch out for "automatic conversion," where you innocently agree to let
the site turn your free pass into an annual fee, which just shows up on your credit card
statement, without your making another move. This approach stinks. Look for a guarantee
that you will have to make a positive statement that you want to become a member at the
end of the trial period, or a promise not to "convert" you.
Other sites offer substantial incentives for becoming a member, without absolutely
requiring that you sign up: members get lower prices, some kind of annual dividend like
that offered by a cooperative supermarket, extra research, faster information (such as
real-time quotes from the stock market), a newsletter, or email notification of products
that you might be interested in. (This is a benefit?)
If I register or become a member,
will I be deluged with junk mail?
But look for a promise of privacy. At the bottom of the registration form, watch for a
little button that says something like, "From time to time we like to let our members
know about special bargains. Is this OK? Yes, No."
Even if you let them send you email (this is called permission email), you probably
wont get more than one notice a month.
Just to be safe, look carefully at the first email that arrives, to see how you can
If the store is decent, they will tell you how to cancel the email, right there at the
top of the message.
If the store is run by weasels, and they dont give you an easy way to cancel,
then go to the site and start emailing the president until they give up and go away.
Why does the store want to know
about my tastes, interests, age, and marital status?
Just because theyre curious.
No, really its because they can tailor marketing pitches more precisely, using
this demographic data. For instance, if you are 30 and play video games, they have a hunch
youll be interested in the next Sega game console, whereas if you are 75, and
interested in golf and square dancing, they wont send you an email about the Sega,
but you might hear about that great new release, Square Dancing in Old Virginia.
But isnt this close to invading your privacy? Yes, it is. Decent sites allow you
to skip these slots in their form. (Often the required information, which has to do with
billing and shipping, has red asterisks next to it, or a little hand pointing to it.
And the extra info is marked "Optional.") Feel free to opt out.
If they insist on knowing stuff you dont want to reveal, leave their site and
never go back. You have plenty of other places to shop on the Web. If a site insists on
getting this kind of personal information without letting you opt out, you can figure they
will be rude in other ways, as well.
Also, check to see if the site advertises that it follows the rules of a privacy
watchdog like TRUSTe, a nonprofit group that sets standards, and polices the site to make
sure they follow those. For information, see http://www.truste.org
Why do I have to create a user
name and password?
Because their programmers are so lazy. Well, sort of.
You see, to keep your records separate from everyone elses, they need a way to
distinguish you from the other customers.
Unfortunately, many people have similar names, or the same names, so the names
arent enough to tell one customer from another.
Also, people move so often that the address isnt a reliable piece of evidence.
Now, an energetic programmer could simply identify you as your Name AND your Phone
Number AND your Email Address AND your ZIP Code. No one else would have that combination.
But, you guessed it, that is hard to program.
So the programmers fall back on a technique they learned when they used UNIX networks
back in school.
Just to sign on to the network, you have to give a make-believe handle (a user name)
and a password, and if those are on the list, you get access to the network. Same here.
The programmers just make sure that the user name and password combination is unique.
(You may have to try several times to get a unique user name.) So far so good.
Wouldnt it be great if you could use the same user name and password everywhere? You
Unfortunately, many sites require slightly different variations, so you cannot use the
same password and user name everywhere. Different sites require:
A different number of characters, minimum and maximum. For instance, at one site
your user name can be 6 characters long, but at another, it must be at least 15 characters
Various capitalization schemes: some uppercase letters and some lowercase
letters allowed, or no uppercase allowed. (And some sites let you type with upper- and
lowercase letters, then rewrite your user name entirely in lowercase letters, without
warning you, and later refuse to let you enter the site if you happen to use the uppercase
Various combinations of text and numbers, such as at least one number and one
letter in the password, no punctuation allowed.
A user name that no one else has chosen.
As a result, trying to meet different requirements, you may end up with half a dozen
user names, and as many different passwords. Who can remember all this stuff?
We have to write the different user names and passwords down, or else we cannot get
back into the sites. We have developed a list of more than 50 different name-and-password
combinations, because the sites made such inconsistent demands.
Caution: Do not make up a password based on your birth year, pet names, or
middle name, because if you do draw the attention of a hacker, these are too easy to
Most of us forget these weird combinations after a week or so. The best sites offer a
way of getting a hint (like your user name). You enter a question they can ask you when
you need a hint, and you give them the correct answer. Usually the hint should be
something you really can remember, like your mothers maiden name or your email
address. But even the hint doesnt give you both halves of the security apparatus:
the user name and the password. Thats why we recommend writing the combination down
on a yellow sticky (if no one else can spy it), or in a file created just to keep track of
all these codes.
Why are they sending me cookies?
Wouldnt it be great if every store sent you chocolate-chip cookies just for
visiting? Alas, the cookies you receive from some stores are just a bunch of electrons.
A cookie is a small file that the store sends to your browser after you register. The
cookie contains the stores name and a code identifying you, something like your
Customer Identification Number.
Next time you visit the site, the sites software asks your browser: "Do you
have a cookie with our name on it?"
The browser looks on your hard disk, in the directory for temporary Internet files, and
when it finds a cookie with the stores name on it, sends that back to the store.
The store digests the cookie and discovers your Customer Identification Number (or
whatever they call it).
In a few seconds, the store pulls up all your information.
You can tell that this has happened if you see a message such as "Welcome Lisa
Price" at the top of the welcome page.
The store has recognized you, thanks to the cookie exchange.
From now on, if you press the Buy button, the order form comes up with almost every
line filled in, because the store has drawn that from your customer record on their
So you give up a little hard disk space, sacrifice a little privacy, in order to avoid
retyping all that stuff. And from the stores point of view, the cookie is reassuring
evidence that you are who you say you are and, in fact, you are a repeat customer, the
Shopping.com calls the cookie "a visitors badge that lets you move from page
to page within password-protected areas of the site." (Those are the pages that deal
with ordering, and they live on the secure shopping server.) They urge you not to
"deactivate" their cookie. "Doing so means that your visitors badge
cannot be read, and this will prevent you from using the site. You cannot, for instance,
make any purchases without your cookie." You can see that from a stores point
of view an empty shopping cart is devastating.
If you dont like the idea of some stranger plopping a little file onto your hard
shop at some sites. If thats OK with you, heres how to keep crumbs off your
· In Internet Explorer 4.0 or later, click View, then Internet Options, and click the
Advanced tab. In the Cookie area, choose Disable All Cookie Use. If you just want to be
notified when someone sends you a cookie, choose Prompt Before Accepting Cookies. That way
you can judge the reliability of a site before accepting the cookies.
· In Netscape Navigator 4.0 or later, click Edit and Preferences, then choose
Advanced, and set the options for cookies.
What if I forget my user name or
What? You didnt write it down? Bad user! (Just kidding).
The worst offender in this area is a site that asks you to type in a 16-digit number to
identify yourself. They act as if you should remember this code, but I doubt that anyone
can, except maybe Millie the Magnificent Memorizer.
So what can you do if you have tried, say, half a dozen variations of your user name
and password, and been rejected every time?
You may be able to have the store email you with your password and user name,
sometimes in two different messages, for security. But that means waiting for a few
minutes, or a few hours, to get the secret codes. Meanwhile, you may be locked out, if it
is a membership site.
If the site offers a hint based on some secret you passed along to them during
registration, like your mothers maiden name, take the hint and get your user name.
At least thats a start. Now, what the heck was the password?
Open a new account. But, of course, because there is already an account for
someone with your name and address, the store may not accept your application, deeming you
a fraud, or interloper, pretending to be you. And opening a new account means typing in
all that information all over again. Tedious.
Can I change my account
Yes, there is usually some way to do this. You have to enter your user name and
password, and then choose something like Edit Information, or Change User Name or
Password. You make the changes, and press a button such as Save or Submit.
What is this log-in stuff?
In organizations with heavy security, like the Central Intelligence Agency, there is a
sign-in book at the door of every building and every floor, with a guard who asks you for
identification; you are leaving a record of your travels through the spook house.
When programmers created the first networks, they borrowed the idea of logging in from
Each user had to log in, identifying himself or herself to the system, getting
permission to use the network.
As far as the store is concerned, you are an unknown user arriving over the Internet.
By making you log in, they force you to identify yourself. Why do they care?
Well, if you have already registered, they can bring up your customer record and pour
its information into the order form as soon as you click Buy. Similarly, they can tell
whether you gave them any problems on your last order, like canceling or refusing to pay.
From the stores point of view, logging in as soon as you arrive also means that
they can locate your customer information, even if you have deleted (or refused) their
cookie, the little file they sent to your hard disk way back when you first registered.
Of course, if a store urges you in big letters to log in on the welcome page, they may
have organized everything in two tiers: the free information, available to anyone who
visits the site, and the good stuff, for which you have to register and log in. Some of
the investment information services adopt this model. They tempt you with lots of market
data, but force you to sign up (for a fee, or for free) to get real-time quotes or
research. In cases like this, logging in is a way of making sure you pay at the gate.