Skip to content

Vodafone Secure Login

A UX/UI PROJECT

Client:

Vodafone Australia

Customer Problem:

Increasing fraud and scams put user data and money at risk

Business Challenge:

Increasing fraud and security risks demanded the business move away from customers using passwords for login to their accounts on the website and app

My Role:

— Assist the product team in exploring the feasibility of a proposed ‘Magic Link’ solution
— Design and test the UX and UI for the new customer authentication experience on web and app
— Replace a password login that users are comfortable with without causing excess friction, calls to care, or abandonment of use
— Design a solution that balances user needs, tech limitations, and Fraud requirements

Client: Vodafone Australia

Customer Problem: Increasing fraud and scams put user data and money at risk

Business Challenge: Increasing fraud and security risks demanded the business move away from customers using passwords for login to their accounts on the website and app

My Role: — Assist the product team in exploring the feasibility of a proposed ‘Magic Link’ solution
— Design and test the UX and UI for the new customer authentication experience on web and app
— Replace a password login that users are comfortable with without causing excess friction, calls to care, or abandonment of use
— Design a solution that balances user needs, tech limitations, and Fraud requirements

Introduction

Due to increasing fraud and security risks, Vodafone wanted to move to password-less login for user accounts on the website and app. The solution preferred by the Fraud Team was a ‘magic link’.

A magic link consists of three user steps:
– The user enters their number or email address at login
– If the email address is known, an sms or email is sent with a link
– The user opens their sms or email client, and clicks the link to finish their login

Null

Magic Links also effectively eliminate almost all authentication-related customer support questions (“I forgot my password”, “How can I reset my password?”, etc.).

Environment scan for best practices

Research into login security design and blogs determined best practices to aim for.

Secure login pattern analysis

Best practices

Choice of how to receive link

Offer customers a choice of how they receive the link, such as SMS and email

Choice of mail application

Lead the user directly to their choice of mailbox app, based on the apps they have installed on their device

Allow opening on different devices

Design for cross-device scenarios, such as when a user starts journey on desktop but receives link on mobile

Link expiry

Add expiration logic for magic links

Don’t acknowledge invalid emails/numbers

Keep data secure and private by not acknowledging any invalid emails/numbers users might enter

Journey mapping

Using the Best Practices as a guide, I worked with the Fraud and dev teams to determine our own secure login user flow, and mapped this for all service journeys to understand key differences, such as NBN and Broadband customers not knowing their mobile number to enter and how they could find it.

Design

Ideation

Using the determined flow and pattern analysis for inspiration, I ran a design jam with the team.

Design jam insights

The design jam generated great ideas and insights for developing the UX, UI, and copy.

Copy ideas and new considerations

Ways to handle user change aversion

Unseen unhappy paths

Ways to ideas to reduce specific journey frictions

Designing

Inspired by the journey maps and design jam insights, I designed two prototypes with a goal to test the level of direction and/or simplification the screen could have.

Testing

Testing involved seeking answers to key experience concerns.

What are frictions for users comprehending the Magic Link function?

What are frictions to completing various login journeys?

Do users understand which number and email receive the link?

Will Magic Link work for all services (mobile, nbn, broadband, etc.)?

I also assessed the new login experience across various scenarios, for new and existing customers, web and app, post updates, etc.

Key testing insights

Comprehension of magic link

More detail/explanation was better than less for reducing change shock

Completion of login

90% completed with ease, users with English as a second language struggled somewhat, all appreciated the benefit of not needing to remember a password

Understanding which number/email is used

Most assumed the number the SMS/email was sent to the one ‘associated with the My Vodafone account”

Test copy variations

Any lack of clarity risked change aversion and abandonment

Service variations

The “How do I find my number” for different for nbn/broadband customers was missed

Testing copy iterations

The copy was extremely important in reducing change aversion and abandonment due to lack of clarity, so I worked vary closely with the copywriter to ensure testing insight was used at every instance of copy along various entry points to the login journey.

Final UI

After several iterations and playbacks to stakeholders, I developed the final UI.

Design mock-ups of Vodafone Secure Login, angled version

Pre-launch awareness

To prepare existing users for the change to how they accessed the My Vodafone app, we explored the journey and service variations to determine how customers would be affected and how they needed to prepare, to determine design guidelines.

Customers can use an off-net method to skip login

This meant the dashboard would be the best location for messaging rather than the login screens

Customers need to know their Vodafone number

NBN and broadband customers would need guidance to find these numbers

Emails must be up-to-date

Customers would need guidance on how to check and update this email

Customer may need to refer to the change information more than once

The messaging must remain constant for ease of access until the new login experience launched

App dashboard messaging

Vodafone secure login prelaunch comms

Outcomes

In conjunction with the user-led design, and utilising a strong pre-launch strategy, the secure link launched with minimal confusion from users and reduced fraud risks.

Note: With fraud concerns changing rapidly, a post-launch pivot was required to provide customers only an SMS option to receive the link.

More projects

UX|UI

Designing Vodafone's first AI Chat Bot

User Research

Simplifying advice to parents and carers to help them support their child

Research|Service|UX

Modernising Australian Export Regulatory Process

UX/UI

Designing a telco's cross-channel Click & Collect service

Research|UX|UI

Evolving an accommodation booking app

More projects

Research|UX|UI

Evolving an accommodation booking app

UX|UI

Designing Vodafone's first AI Chat Bot

User Research

Simplifying advice to parents and carers to help them support their child

Research|Service|UX

Modernising Australian Export Regulatory Process

UX/UI

Designing a telco's cross-channel Click & Collect service