Vodafone Secure Login
A UX/UI PROJECT
Client: Vodafone Australia
Customer Problem: Increasing fraud and scams put user data and money at risk
Business Challenge: Increasing fraud and security risks demanded the business move away from customers using passwords for login to their accounts on the website and app
My Role: — Assist the product team in exploring the feasibility of a proposed ‘Magic Link’ solution
— Design and test the UX and UI for the new customer authentication experience on web and app
— Replace a password login that users are comfortable with without causing excess friction, calls to care, or abandonment of use
— Design a solution that balances user needs, tech limitations, and Fraud requirements
Introduction
Due to increasing fraud and security risks, Vodafone wanted to move to password-less login for user accounts on the website and app. The solution preferred by the Fraud Team was a ‘magic link’.
A magic link consists of three user steps:
– The user enters their number or email address at login
– If the email address is known, an sms or email is sent with a link
– The user opens their sms or email client, and clicks the link to finish their login
Magic Links also effectively eliminate almost all authentication-related customer support questions (“I forgot my password”, “How can I reset my password?”, etc.).
Environment scan for best practices
Research into login security design and blogs determined best practices to aim for.
Best practices
Choice of how to receive link
Offer customers a choice of how they receive the link, such as SMS and email
Choice of mail application
Lead the user directly to their choice of mailbox app, based on the apps they have installed on their device
Allow opening on different devices
Design for cross-device scenarios, such as when a user starts journey on desktop but receives link on mobile
Link expiry
Add expiration logic for magic links
Don’t acknowledge invalid emails/numbers
Keep data secure and private by not acknowledging any invalid emails/numbers users might enter
Journey mapping
Using the Best Practices as a guide, I worked with the Fraud and dev teams to determine our own secure login user flow, and mapped this for all service journeys to understand key differences, such as NBN and Broadband customers not knowing their mobile number to enter and how they could find it.
Design
Ideation
Using the determined flow and pattern analysis for inspiration, I ran a design jam with the team.
Design jam insights
The design jam generated great ideas and insights for developing the UX, UI, and copy.
Copy ideas and new considerations
Ways to handle user change aversion
Unseen unhappy paths
Ways to ideas to reduce specific journey frictions
Designing
Inspired by the journey maps and design jam insights, I designed two prototypes with a goal to test the level of direction and/or simplification the screen could have.
Testing
Testing involved seeking answers to key experience concerns.
What are frictions for users comprehending the Magic Link function?
What are frictions to completing various login journeys?
Do users understand which number and email receive the link?
Will Magic Link work for all services (mobile, nbn, broadband, etc.)?
I also assessed the new login experience across various scenarios, for new and existing customers, web and app, post updates, etc.
Key testing insights
Comprehension of magic link
More detail/explanation was better than less for reducing change shock
Completion of login
90% completed with ease, users with English as a second language struggled somewhat, all appreciated the benefit of not needing to remember a password
Understanding which number/email is used
Most assumed the number the SMS/email was sent to the one ‘associated with the My Vodafone account”
Test copy variations
Any lack of clarity risked change aversion and abandonment
Service variations
The “How do I find my number” for different for nbn/broadband customers was missed
Testing copy iterations
The copy was extremely important in reducing change aversion and abandonment due to lack of clarity, so I worked vary closely with the copywriter to ensure testing insight was used at every instance of copy along various entry points to the login journey.
Final UI
After several iterations and playbacks to stakeholders, I developed the final UI.
Pre-launch awareness
To prepare existing users for the change to how they accessed the My Vodafone app, we explored the journey and service variations to determine how customers would be affected and how they needed to prepare, to determine design guidelines.
Customers can use an off-net method to skip login
This meant the dashboard would be the best location for messaging rather than the login screens
Customers need to know their Vodafone number
NBN and broadband customers would need guidance to find these numbers
Emails must be up-to-date
Customers would need guidance on how to check and update this email
Customer may need to refer to the change information more than once
The messaging must remain constant for ease of access until the new login experience launched
App dashboard messaging
Outcomes
In conjunction with the user-led design, and utilising a strong pre-launch strategy, the secure link launched with minimal confusion from users and reduced fraud risks.
Note: With fraud concerns changing rapidly, a post-launch pivot was required to provide customers only an SMS option to receive the link.
More projects
Research|UX|UI
Evolving an accommodation booking app
UX|UI
Designing Vodafone's first AI Chat Bot
User Research
Simplifying advice to parents and carers to help them support their child
Research|Service|UX
Modernising Australian Export Regulatory Process
UX/UI