Locked accounts


 

Challenge

Modica is a global CPaaS platform supporting communication with any mobile on the planet. They do this via a suite of APIs (HTTPS, REST, etc.) and applications (OMNI Web2SMS, etc.).

From 1 July 2022 to 1 July 2023, a noticeable number of application accounts were locked each month due to invalid login attempts.

The operational cost of unlocking accounts each year was in the tens of thousands. The cost to end users was frustration, wasted time, and erosion of trust.

Response

After noticing the locked accounts during an analysis of support tickets, I mapped the current login/locking experience, gathered business requirements and proposed a solution.

MEASURABLE IMPACT

Locked accounts reduced by 80%.

This significantly reduced the number of frustrated users and saved the business tens of thousands a year in operational costs.


THEMATIC ANALYSIS

All support tickets for Feb 2023 were analysed. Locked accounts made up 16% of tickets.

13% were notifications of locked accounts, which then require multiple manual steps to reactivate.

3% were customers requesting more-urgent support to regain access, or expressing frustration.

 

GATHERED BUSINESS REQUIREMENTS

Security

  • Maintain the existing security approach

Legal

  • Uphold a previously signed ‘Statement of Work’ regarding login

Product

  • The login page can be white-labelled, so cannot mention Modica Group

  • The resolution of locked accounts follows different pathways (because of the white-label relationships) so once an account is locked we cannot link a logical ‘next step.’

  • Must continue to support Federated ID / SSO login flow

 

MAPPED EXISTING FLOW

Focused on pain-points and error-prevention.

My strategy was to assist users to ‘escape’ from the unhappy path and take the happy path instead.

 

SOLUTION DESIGN

Heuristics

  • Error prevention: Swapped the ‘username’ field label to ‘email,’ as 95% of usernames are emails

  • Help users diagnose and recover from errors: Added view/hide capability to the password field

  • Visibility of system status: Changed the error copy to tell users, in advance, how many attempts they have remaining and what the outcome of the final failed attempt will be

  • Help users diagnose and recover from errors: Included links inside each error message, which drop users into the happy self-service password-reset flow

History

  • Humans have evolved to pay attention to movement: Added a ‘wobble’ animation on the penultimate error and ensured it was the only movement on the page

Hunches

  • In an attempt to reduce customer panic I swapped copy to say ‘locked’ instead of ‘deactivated,’ as it sounds less terrifyingly permanent
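
The error states described above can be sketched as a small piece of login-feedback logic. This is an added example, not Modica's code: the threshold of 5 attempts, the `/password-reset` route, the copy strings and all function names are assumptions. It counts failures per submitted email whether or not an account exists, so the attempts-remaining copy does not reveal which emails are registered.

```javascript
// Added example: every constant and name here is an assumption, not Modica's value.
const MAX_ATTEMPTS = 5;               // assumed lockout threshold
const RESET_PATH = "/password-reset"; // hypothetical self-service reset route

// Failed-attempt counters keyed by the submitted email, registered or not,
// so the feedback is identical for existing and non-existing accounts.
const failures = new Map();

// Build the UI state for a given number of consecutive failures.
function feedback(failed) {
  const remaining = Math.max(MAX_ATTEMPTS - failed, 0);
  if (remaining === 0) {
    // White-label requirement: no brand name and no 'next step' link once locked.
    return { locked: true, remaining, wobble: false, resetLink: null,
             message: "This account is locked." };
  }
  const penultimate = remaining === 1; // last error shown before the lock message
  return {
    locked: false,
    remaining,
    wobble: penultimate,   // the only movement on the page
    resetLink: RESET_PATH, // escape route into the reset flow
    message: penultimate
      ? "Incorrect email or password. 1 attempt remaining: one more failed attempt will lock this account."
      : `Incorrect email or password. ${remaining} attempts remaining before this account is locked.`,
  };
}

// credentialsValid is the outcome of the real credential check (not shown).
function recordLogin(email, credentialsValid) {
  const key = email.trim().toLowerCase();
  const failed = failures.get(key) || 0;
  if (failed >= MAX_ATTEMPTS) return feedback(failed); // locked: attempt is not evaluated
  if (credentialsValid) {
    failures.delete(key); // a successful login resets the counter
    return { locked: false, remaining: MAX_ATTEMPTS, wobble: false,
             resetLink: null, message: null };
  }
  failures.set(key, failed + 1);
  return feedback(failed + 1);
}
```

In production the counter would live in the authentication backend rather than in process memory, and the Federated ID / SSO path would bypass it entirely.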

 
It’s making a massive impact in our team: it’s removed the noise and let us focus on actual tickets.
— Ash, Service Delivery
 
 

TOOLS

JIRA - Google Spreadsheets & Docs - Figma - Confluence