I hate with a passion various security protections "for my benefit" that basically are very inconvenient and unusable. Let me give an example: in one case, I visited a website for the first time in several months (it may have a former small DRIP plan that I needed to access for filing my income tax form with the IRS); my old password (stored in a password repository) no longer worked. I had to complete a challenge question to have the website send a link to reset my password. The problem; I knew the correct challenge response, but it didn't work. There was no information in context on who to contact about persistent logon problems. Eventually I found a customer service number. It turned out that I hadn't set up my challenge questions yet (introduced interim between website visits). Then there were the annoying insistences that they insisted they had mailed me a tax statement and would be happy to mail a replacement copy (arriving after Tax Day, of course): if I had the tax statement in question available, would I be contacting them? [For example, I once had to move in late January, and some mail may have been misfiled.]
For those of us who are registered at dozens, even hundreds, of websites, with idiosyncratic password rules (in many cases, complex rules, sometimes only revealed after a failed attempt), it's ludicrous for website owners to believe we are going to access each constantly.
Another pet peeve, especially in dealing with cable or utility accounts, is being asked by customer support for arcane alpahanumeric account numbers over 10 characters long. (I try to maintain these in contact or password databases.) But the whole concept is unnatural; the account number is only relevant/meaningful from the vendor's perspective. And if you've ever found your customer service issue getting bounced to different departments, you often have to repeat various items of information. (Another annoyance: quite often in setting up a web chat, you have to supply problem statements, etc., and quite frequently the agent claims that he or she doesn't have it available.) All of this is Procrustean; we are the customers, but we are expected to accommodate the arbitrary rules for vendors' internal systems.
But one of the most exasperating things has to do with address validation on credit card transactions. On at least a half dozen or so occasions, I've found transactions failing with correct information. Let me say I used to work for a market research company about 20 years back. One of the things we often had to deal with was the concept of householding; for example, we could procure several mailing lists, but we would want to consolidate or dedup mailings across minor deviations in name and/or address. For example, I might be 'Dr. Guillemette', 'Ronald A. Guillemette', 'R Guillemette', 'Ronald Guillemette', etc., but the client, in order to minimize expenses, would want me to get just one copy of the mailing.
However, I don't know the specifics of how addresses are confirmed. In one case, I wanted to register a change of address via the USPS online. The process at the time required temporarily charging a nominal fee like $1--but in my case, the transaction kept getting rejected for some unspecified address issue. I ended contacting my credit card issuer, which claimed that its system showed that the transaction had, in fact, been approved. I had conversations with USPS personnel, but it went nowhere: they were in a state of denial. I think I ended up mailing the postmaster with my address change written out manually.
Yesterday, an Internet site was offering a smartwatch at a very good price. I normally don't wear watches, but I was intrigued with notification functionality. I ran into address validation issues; I tried tweaking my address multiple ways, all to no avail. I tried contacting customer support--which was not readily available on the website and I had to Google for an email address. The response was to the effect as added security (for my security benefit, of course) they required exact specification of my home address first line; I should check with my issuer to verify how they stored my address.
At this point, I was done. I was not about to spend another half hour trying to figure out the address issue for "my" benefit; I don't need a smarwatch that much.