RESET PASSWORD
PROJECT OVERVIEW
Our project aims to improve the reset password feature in our application by moving from a deep link-based system to a smooth native flow. This transition prioritizes user experience, security, and reliability, ensuring a seamless process for users facing password-related issues.
THE CONTENTS
- Previous password reset flow & Limitations
- Design Ideation & design feedback
- Refined design
- Usability testing overview
- Design recommendations
- Final Designs
- Prototype
PREVIOUS WEB-BASED PASSWORD RESET FLOW


Mobile App
Website view


Limitations in the above design
Dependence on Email Links
The above design relied on email links for password reset, which could be susceptible to issues such as email delivery delays or being marked as spam.
Security Concerns
Email-based password reset links may pose security risks, as they could potentially be intercepted or accessed by unauthorized parties, compromising user accounts.
Limited Accessibility
Users may face accessibility challenges if they are unable to access their email or the reset link due to factors such as forgotten email passwords or technical issues with their email provider.
Inconsistency Across Platforms
The web-based password reset flow may not provide a consistent user experience across different devices and platforms, leading to disjointed interactions and potential usability issues.
DESIGN IDEATION






App Login Page
Enter Email or Membership Number
Provide One-time password and timer
Create a new password
Hide the password
Autofill OTP number
Feedback on above design
Infosec Feedback
Infosec recommended relying exclusively on mobile OTP due to high spam rates, with the option to contact the SIA service office if OTP fails.
Infosec Feedback
To strengthen security, Infosec recommended adding a mobile number field linked to the user's membership number for authentication.
Development Technical Difficulties
Technical limitations make it time-consuming to proceed directly to OTP verification after users enter their KF membership number. To streamline the process and save time, we'll leverage the same flow as the website, in which users receive the OTP on their phone after creating a password.
REFINED DESIGN







App Login Page
Enter Email or Membership Number and mobile number
Create a new password
Hide the password
Provide One-time password and timer
Autofill OTP number
USABILITY TESTING OVERVIEW
Tools Used: Maze
Total Participants: 63 Users
- Moderated Test: 9 Users
- Unmoderated Test: 54 Users
- Will users experience any friction if we introduce an additional field asking them for their mobile number on top of email before they can reset their password?
- Which medium do users prefer more for password reset?
- Is the flow of creating a password before having to submit an OTP acceptable to users?
Goal
Mission Outcomes

90.2% (57) successfully completed the task; this estimate could vary between 82.07% and 96.9%.
The flow received a rating of 4.47/5, indicating its ease of navigation in the password reset process.
User Comments
- Straightforward, easy to navigate through
- Should provide alternate way to do OTP for people who are overseas/times when they are in environments where mobile phones aren’t allowed.
- It was concerning to see the screen to enter a new password before any verification was done.
Follow up Questions
Multiple choice Question
Which platform is convenient for you to use to reset your password?
- Both
- Email
- Mobile (SMS)
55% (29) of users voted for both email and mobile.

DESIGN RECOMMENDATIONS
UX Recommendation
Reason
To proceed with native mobile OTP and provide a deep link for email-based password reset.
- A significant number of users have chosen both mobile OTP and email as their preferred methods for resetting their passwords. To enhance user convenience, we will go with mobile OTP flow as the native flow for password reset. However, in view of infosec concerns associated with the email flow, we will provide users with a link to the page for resetting their passwords via email.
To move forward, we've opted to incorporate an additional field for mobile number alongside the email address. However, given that users may have multiple mobile numbers associated with KF, we've chosen to use date of birth for authorization.
- The flow received a rating of 4.47/5.
- None of the users commented on the additional field for the mobile number.
To proceed with allowing the creation of a password before SMS OTP.
- The majority of users did not raise any concern about the flow.
- Only 1 out of 62 users raised concerns about creating a password before submitting the OTP.
FINAL DESIGNS

FEEL THE EXPERIENCE
Imagine you are Mr. William Lee and trying to reset your password via mobile
Click on the prototype to immerse yourself in the experience.