A tip when users need to send a code in SMS messages — use numbers
We did a usability study while researching some alternatives for users sending certain redemption codes to a system via SMS message.
Suppose for example a user needs to text something like
redeem [coupon code]
On one hand, you want a hard-to-guess code, so at first thought you might want to use an alpha guid such as
redeem WHIT
Suppose you might generate, say, 1000 different valid codes. At the low end you might use 4 random letters (ignoring case), so you’d have 26^4 = 456,976 possible codes, so it’s nice and compact and has nearly 500 invalid choices per valid choice. (Probably okay for texting to eliminate blind guessing, since you’d no doubt implement some method to catch and block a phone that is spamming the system with more than X invalid codes.)
So it effectively prevent false positives.
However, using random-alpha codes also garners a lot of false negatives.
Why? Damn you autocorrect. As soon as a user tries to enter random characters, autocorrect tries to ‘fix’ it so WHIT becomes WHAT. (For humorous examples of cell phone autocorrect in action, see http://www.damnyouautocorrect.com)
We found the error rate was much lower when asking for numeric input since (most) cells don’t try to autocorrect numbers.
The downside is you need to have a longer code to have the same invalid/valid ratio… for example if you know you have 1000 valid codes and want at least a 500:1 invalid/valid ratio you’d need 6 digits instead of 4 characters.
(Obviously, in a real app you’d use longer guids than shown here, but the principle is the same.)