I’ve never used Uber (or Lyft), but I know many people do, both riders and drivers. Some people think Uber is great. For riders, it’s convenient for getting from point A to point B. For drivers, it’s an easy way to earn some extra money.
With all due respect to those people who drive for Uber, I’m not a fan of the company’s business model. It’s just one of the latest ways to exploit people for the benefit of wealthy executives and shareholders. Unfortunately, many people need that extra income to survive. It would be better and more equitable if the company treated its drivers as the real employees they are and paid them commensurate salary and benefits. But that would cut into profits, and we certainly can’t have that!
But this post isn’t about that aspect of Uber. Instead, it’s about the pathetic software that drives their business. Discussion boards have various threads about how their drivers’ software often ends up screwing drivers in various ways, but I want to talk about one narrow part of Uber’s account management: two-factor authentication (2FA) or, as Uber calls it, 2-step verification.
On a whim, I downloaded the Uber app for iOS and created an account. To Uber’s credit, they provide a 2FA option. Many online sites don’t, so kudos to Uber for having it. Unfortunately, this is where things started going sideways in a hurry.
Problem 1: Uber appears to spend as little as possible on their software and their web site. This became more obvious as time went on, but at the outset, I noted that 2FA can be set up only in the app, not on the web site, even though both use the same credentials. I attribute this disparity to simple cost-cutting. Since Uber is a multi-billion-dollar company, there’s really no excuse for that.
Hey, Uber: Add 2FA setup on your web site!
Problem 2: When enabling (or disabling) 2FA, the app asks for the user’s password, which is totally appropriate. I entered my password, and the app displayed a red error message: Your account has temporarily been disabled. Visit help.uber.com for further assistance. I was still able to login and logout of my account with no problem, so I knew it wasn’t really disabled. Needless to say, help.uber.com was useless; there was nothing about this error. Their web site didn’t provide any obvious way to submit a problem report. As it turns out, the best way to contact Support is via Twitter (@Uber_Support).
Hey, Uber: You can afford to provide a contact form on your “support” web site!
Once I finally made contact and someone (might have) wiggled something, I was able to get past the error and set up 2FA. No explanation of any sort was provided about the cause or the resolution of the problem. I honestly don’t know if anyone actually did anything or if it was pure chance that it finally worked.
Problem 3: The app assumes that users will use Google Authenticator for 2FA, even though there are several compatible alternatives. I prefer a different 2FA app, but at the time, I had Authenticator on my phone for a couple legacy accounts. I don’t know (and would like to find out) what happens if Authenticator isn’t already installed on the user’s phone, but too late for me. The Uber app simply added its record to Authenticator and that was it.
Hey, Uber: Let the user decide what app to use for 2FA!
Problem 4: Because I wanted to try to use a different 2FA app, I decided to disable 2FA on my account and start over after deleting Google Authenticator. Unfortunately, disabling 2FA triggered the same error as before (see Problem 2). Once again, I contacted @Uber_Support. Once again, someone wiggled something (or luck happened again) and I was finally able to disable 2FA, although it took longer for the wiggle this time. Still no explanation.
Problem 5: After deleting Authenticator, I tried to re-enable 2FA and got the same error message. I’m still waiting for resolution, almost three months since I first reported the error. Apparently, there is nobody at Uber who has a clue what triggers that error message, despite having “worked on it” for months.
Hey, Uber: Stop telling your customers that you’re working on a problem when it’s obvious that nobody is actually working on it!
Problem 6: My Twitter and e-mail threads with @Uber_Support have gotten fairly long, since this problem is going on three months without resolution. A week ago, I replied to the last message I had received to see if there were any updates. To my surprise and dismay, I received an auto-reply that my case had been closed. I immediately checked and confirmed that the error message remains. I consider this to be symptomatic of Uber’s total lack of regard for their customers and the quality of their customer support. Someone closed my ticket to make their numbers look better. Who cares if some customer has a problem? Not Uber!
Hey, Uber: Stop closing support tickets without resolving the underlying problems and without notifying the customers involved.
It’s going on three months since I first reported the error message. Uber still apparently has no clue what’s causing it and/or doesn’t really care. If they have any qualified software engineers, he or she must be swamped with other things. Uber Support seems to want me to go away and stop bothering them.
At the rate they’re going, I will end up doing just that by deleting my Uber account.
Anyone for Lyft?
Follow-up
Shortly after posting this article, I happened to login on the Uber site using a new browser. Uber then sent me an alert to that fact. The alert also included a link to enable 2FA. By following that link, I was able to successfully set up 2FA on the computer (instead of the phone). I’ve verified that 2FA is now working as desired on the phone as well. However, I still find no direct link in the profile settings to set up 2FA via their web site. Maybe they’ll figure it out someday.