Re-designing the Password Helper experience to instil more customer trust in the Postmedia brand

The Problem


Postmedia Network aims to enhance the security of registered audience passwords by implementing standard password rules. A new registration process is proposed for audiences who registered within the last 12 months, ensuring adherence to secure password standards. My goal was to create a seamless experience with minimal customer service support needed so as to reduce service costs and improve efficiency.

Initial feedback from stakeholders and user research revealed:

  1. Many audiences are not "tech-savvy."

  2. Limitations exist in messaging/copy on the registration/sign-in modal, as it cannot be changed once an audience member resets their password.

  3. Audiences may be surprised or upset to encounter a message on the modal if they missed the email explaining the tighter security requirements, potentially leading to a loss of trust in the product.

With an increase in security comes complexity for users.

Given the tight deadline for the password helper rollout by the end of November 2020, the project commenced with collaboration with various stakeholders to gather details and constraints. The focus was on understanding the new requirements and limitations within the password reset flow. The identified password requirements and intended user task flows were twofold:

1) Ensuring all users have passwords meeting minimum security standards (alphanumeric, minimum character length),

2) Requiring all active users in the database to reset their passwords.

Users will be prompted to reset their password when they log in, from a modal already built into the log-in page. They will also be sent an email to alert them of the password reset process.

Based on initial user research, we anticipated that the implementation of new requirements would lead to a high volume of user complaints and potential frustration, particularly if users were automatically logged out. To gain a deeper understanding of potential sources of confusion, my research partner (Karan Kashri) and I conducted additional interviews and user testing. Collaboratively, we identified a behavioral archetype that aligned with this user group, providing valuable insights to guide the design process and address the impact of the change on their day-to-day experience on the site.

Our behavioural archetype which represents 70-80% of our users facing issues with the reset - Sam

Our main goals during the research were:

  1. Assess the intended flow → Understand how and why audiences select either access point (email vs sign-in modal) to update their password

  2. Understand the factors affecting ease of use of resetting password 

    a. Evaluate the perceived understanding of copy on prompts on email and sign-in modal

And here is what we found:

https://app.mural.co/t/subscriberjourney2399/m/subscriberjourney2399/1603220526067/e7626b78eeb5980e9c299c41032ab9f984e1687c

Uncovering pain-points through iterative research:

  • The current interface creates ambiguity around why participants have to reset password  

    • “For people who have English as a second language or for people who have a cognitive disability, that type of email is not conducive to their understanding. It is very very lengthy. People with cognitive disabilities still read the news you know, for senior citizens too that email is too complex.” 

  • Confusion around which password requirement (of three) was not met

    • “I don’t know which condition I did not satisfy.”

  • It is not clearly indicated that SSO participants will not reset their password

    • Most participants have credentials saved on their devices, so many were confused about whether they would need to set the password or not.

  • Close button leading to home page

    • No clear theme on whether participants expected to be signed in or out after resetting their password

Journey Map of our persona Sam which outlines the reset password process.

Resulting Design Principles From Research

Based on our user research, we narrowed the findings down to 2 main principles that the design should aim to cover in the reset experience:

Ease of Comprehension

  • Making sure that readers understand the intent of WHY they are being asked to reset their passwords and WHY they need to set a stronger password.

Clarity and Confidence

  • Making sure readers can visually see the password they enter.

  • Instil confidence in users when typing in their password.

Changes that we have made

Double Entry of New Password

Double confirmation to instil confidence. Originally, I proposed a show/hide icon for the same validation purpose. This idea was replaced by the double-entry method as the developer was unable to replicate the design after a few spikes. Hence the next best option is for users to type their passwords again.

Real time password requirements checker

Real time password requirements checker that tells the user which requirements they have completed or not. Colour, icon and word indication of requirements were put in place to ensure accessibility of the piece.
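As an added illustration (not Postmedia's code), a per-rule checker of the kind described above: each rule reports its own status with an icon and a word, so the state never depends on colour alone, and the double-entry match is reported separately. The 8-character minimum and the letter/digit reading of "alphanumeric" are assumptions, since the page names the rules but not their thresholds; the server must still enforce the same rules on submission.

```javascript
// Added example, not the production code. Thresholds below are assumptions.
const MIN_LENGTH = 8; // assumed: the page does not state the minimum length

// Each rule carries its own user-facing label so feedback is per requirement.
const RULES = [
  { id: "length", label: `At least ${MIN_LENGTH} characters`,
    test: (pw) => Array.from(pw).length >= MIN_LENGTH }, // count code points
  { id: "letter", label: "Contains a letter", test: (pw) => /\p{L}/u.test(pw) },
  { id: "digit", label: "Contains a number", test: (pw) => /\p{Nd}/u.test(pw) },
];

function checkPassword(password, confirmation) {
  const rules = RULES.map(({ id, label, test }) => {
    const met = test(password);
    // Icon plus word: the state is readable without relying on colour.
    return { id, label, met, icon: met ? "✓" : "✗", word: met ? "Met" : "Not met" };
  });
  // Double entry: stay neutral (null) until the user starts the second field,
  // so an empty confirmation is not shown as an error.
  const matches = confirmation === "" ? null : password === confirmation;
  const canSubmit = rules.every((r) => r.met) && matches === true;
  return { rules, matches, canSubmit };
}

// Text for an aria-live region: names exactly which requirements are unmet.
function statusLines(result) {
  const lines = result.rules.map((r) => `${r.icon} ${r.label}: ${r.word}`);
  if (result.matches === false) lines.push("✗ Passwords match: Not met");
  if (result.matches === true) lines.push("✓ Passwords match: Met");
  return lines;
}

// Constructed sample input: the second entry has a typo in its last character.
console.log(statusLines(checkPassword("postmedia", "postmedib")).join("\n"));
```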

Clear & concise email copy and direct link to reset helper

Simple and direct link to helper from email. A less crowded piece of text has been scientifically proven to induce an impression of an easier task to complete.

Step by step video tutorial for easy reference in FAQ

Easy video to follow for people who have difficulty understanding. An FAQ link is available on every page of the password reset modal.

Final Password Reset Flow

View the final improved flow below on YouTube.

Final Thoughts

Through this project, I've learned that simplicity often proves to be the most effective solution. Iterating on various designs revealed that many user groups prefer straightforward designs over overly complicated or gimmicky ones. The straightforward design proved sufficient for users to understand the rationale behind changing their passwords. Notably, one month after implementation, call center complaints significantly decreased, resulting in substantial cost reductions for the company. Given additional time and resources, I would explore incorporating a "step-by-step onboarding" experience for password resets within the module.
