Authenticator re-design
Re-imagining the passwordless authentication experience.
BACKGROUND
During the Summer of 2021, I worked at a cybersecurity company that is working on providing passwordless experience solutions to employees and consumers. They do so by turning smartphones and computers into encrypted credentialing devices, where users can log in to their various accounts without entering a password.
When I joined the company, they were purely focused on the workforce space— for that reason, their authentication app experience was fairly simple and didn't require onboarding, as employees were onboarded to it by their IT department. However, their goal was to go for the consumer market which would require quite a bit more user education to understand how to use the app
I worked on exploring new design approaches and ways of onboarding consumers to the Beyond Identity app.
Role
Senior end-to-end product designer.
Challenge
Re-imaging the passwordless authentication experience in a way that is easy to understand for users.
Team
I was the main product designer on the authenticator team working with a product manager and engineer team.
DESIGN SPRINT
In June 2021, the product design team consisting of me, another product designer, and the head of design, went through a design sprint where we examined the state of our current authenticator and went through the process of re-designing it.
The main challenge we were trying to address was: how do you challenge users' existing mental models around passwords? How do you explain to the lay consumer that they can access accounts without a password, and more importantly, how do you build trust?
Our existing authenticator, although effective in the authentication experience, did not do a good job of explaining the value of Beyond Identity.
We started the week by defining what Beyond Identity does and defining key concepts that we'd need to communicate to consumers. We started mapping out what we meant by building a 'chain of trust' across a user's devices and what the optimal experience could look like.
We decided to explore naming the app something a bit simpler and easy to understand — something that could represent what a credential is in a way that a lay user could connect with.
Our goals were:
-
To provide a secure and convenient authentication experience for end-users
-
To help platform administrators (such as developers) provide end-users with ubiquitous access from any devices
We gathered inspiration from competitors and examined how they positioned their value in the market.
Throughout the week, we went through serveral rounds of rapid prototyping and testing with friends and family. Our aim was to come away with a general direction to continue moving forward with a re-design. We tested various approaches in terms of language, and the use of illustrations to better represent how users could authenticate without a password.
In general, we found that using graphics, imagery, and simple language was most effective in communicating our value. We ended the week with a strong direction to go forward with, which led me to continue user testing, defining the app's IA, designing, and running a follow-on workshop with the rest of the team.
USER TESTING
After our design sprint, I ran a series of user tests with 6 users of varying backgrounds to inform our next steps. Through these tests, we found several trends:
-
Users liked the idea of not having to set or manage passwords: Several users remarked that they enjoyed the explanation and concept because they hate having to manage passwords. This was particularly relevant to older demographics who use things like their Notes app to remember their passwords.
"I can see that this is something they are trying to sell to me that I can start using my apps without actually having a password, which I absolutely hate! I wish with the blink of an eye I could open my apps without a freaking password." - User tester, 60s
-
However, they felt uneasy linking accounts to their phone: Users were still unclear about the purpose of replacing passwords with credentials, and why that was better for them. It made them feel like they had less control over their accounts.
“I would want to know how I can stop it. How do I log out of Etsy. What if I want to switch accounts. How do I get rid of this?”
-
Some users felt like creating a credential was too fast and easy, which made them question whether they could trust it. However in general, most users mentioned being interested in using this to replace their passwords because it's so easy even though they didn't fully understand it.
"I would do it because it’s easy but I have no idea what I’m doing."
Through this testing, we learned that while we were doing a good job at making the passwordless experience easy, we would continually struggle to challenge users' mental models around passwords. We'd have to continue testing new ways to show our value and help users trust our technology.
WORKSHOPS
After our design spring week, I ran a workshop to start involving the rest of the product team into the re-design process, including product managers and engineers. There, we started to define what user tasks we were trying to solve with our authenticator, and how we could solve these using our product framework.
We agreed on challenges to tackle, initial scope, and the jobs to be done for the first iteration of the authenticator redesign.
Leveraging the insights gained from this workshop, I started work an information architecture diagram of the new authenticator — including existing parts of the app, and future features that were either already in development or were planned to be included in the coming months.
RESULTS
We built a version of the redesigned authenticator for a hackathon using Flutter. Many of our original designs were adapted to leverage the material design framework as this would make development faster and easier.
