Defining the Project
With the support of research, we defined the Project Plan.
Scenario 1: Users are unable to access accounts due to inability to complete the email reset process. Common scenarios include:
- user supplied a work address and changed jobs before updating profile
- user changed ISPs before updating profile
- user creates profile with a typo in the profile’s email address
- user cannot receive mail at the email address supplied for his/her profile (for a variety of reasons), oftentimes without knowing that this is the case.
Scenario 2: Users are confused between 2FA configuration options and the options used for account recovery. Common scenarios include:
- losing one’s phone or phone number
- issues with Google Authenticator not working (sometimes it just needs to be reconfigured)
- SMS 2FA codes not being delivered, experiencing significant delays, etc.
Scenario 3: Users unable to change account ownership, often causing MailChimp to intervene. Common scenarios include:
- One person taking over managing an account for another person
- An employee being terminated, but still being set as the owner of an account
- The relationship between an agency and client ending, with one of the parties claiming ownership rights to an account, etc.
Goals & Antigoals
Goals:
- Secure new users' accounts
- Decrease call volume to Compliance
- Retroactively get current users to secure accounts
Antigoals:
- Make security less accessible/understandable to our users
- Create gaps that allow for easier account takeovers

- Primary research
- Comparative analysis (Facebook, AdRoll)
- User Flows
- Design Critique
- Hi-Fi Mockups
- MoM reduction in average account access inquiries per month (currently 5,386*)
- MoM increase in users with at least 2 account recovery methods (currently 25%)
*Average account access inquiries from Oct. 2017–April 2018
Account recovery and 2FA related tickets represent over ⅓ of ticket volume handled by Compliance (On average ~166 account access tickets per day). Volume = ~5 people dedicated to only taking tickets of this nature - 7 days a week.
Historically, tickets in the account access space track consistently with customer growth at about .04% of customer growth - or 4,000 tickets for every 100K users.
Such high volume involving account access and ownership is concerning, as the subject matter is extremely risky and requires our support team to use significant discretion. As a result, we risk compromising user profiles/accounts by making mistakes or by becoming victims of social engineering.
...as ticket volume continues to grow and we need more and more people to perform current processes, we further increase these risks.
Regarding Use Case 1:
Only 25% of our users have actually configured an SMS phone number for recovery purposes, so users have to get help from Compliance... 15% of our users have only security questions enabled. However, we don’t currently use the security questions [to verify identity when users lose their password]... Approximately 60% of our users have neither option set (SMS or security questions).
Regarding Use Case 2:
Users do not have sufficient self-service paths to resolving issues with their second factor. There is an option within MC Admin to reset 2FA for a user. This option is helpful when a user is struggling with 2FA and where disabling 2FA for the user’s profile is not an option... However, there are other scenarios where 2FA needs to be disabled for the user’s profile. The only option to disable 2FA for a user’s profile is to log in as user and change the settings... logging in as user to perform various actions is not an approach that we want to continue... and lends itself to mistakes in general.
The Goal: We want to empower users to handle these issues entirely on their own and get MailChimp personnel out of the business of resolving these issues.
Audit (UX and Content) and Existing Flow
To kick off this project, I performed an audit of how we approach account authorization and verification on both the Web and mobile applications. I audited the signup, account recovery and security setup flows specifically. I then converted the signup experience into a user flow to more deeply analyze the apparent gaps between platforms. Along with the UX audit, I worked with content strategy to align copy and messaging across platforms. To see project mocks more closely, please click here.
- I studied numerous experiences for which security is of high importance, such as Google, Facebook, Dropbox, TurboTax, H&R Block and Bank of America
- I used these experiences to create a "best practices" research document, which informed my design
- We can learn from what mobile is doing through their current SMS account activation method
- Aligning mobile and Web signup flows can close experience gaps
- Introducing account activation via SMS to secure account in new user flow can mitigate future compliance volume
- Follow-through dialogs can drive existing users to provide additional forms of verification to enable account recovery self-help
- There are "back doors" that enable users to enter their accounts without fully activating; we must close these loopholes
We aim to further secure existing users AND to reimagine a more secure experience for new users with more opportunities for self-service for all.
- Using primary and secondary research, I produced several design iterations with the guidance and feedback of design and technical leadership
- The high-level changes we've proposed will roll out in two phases, as outlined below
Phase 1: changes to Web signup (new users)
To decrease the likelihood of error when activating via email:
- Addition of a "Confirm Email" field
- Enabling user to edit their email address if not experiencing success
- Adding copy to inform user to check their spam if experiencing issues
- In time, we hope to "kill" the backdoor loophole in which users can enter their account without activation
Phase 2: changes to Web and mobile experience (new and existing users)
Aligning Web and mobile signup to close gaps in the experience and eliminate dead ends/loopholes:
- Both mobile and Web will default to mobile # activation, up front in the flow
- We will default users to use this # for 2FA, with the option to opt out
- Enabling user to edit their mobile # if experiencing issues, with option to activate via email instead
Improving password recovery to increase account security and enable users to self-help:
- Now adding/utilizing both mobile # and security questions as reset/recovery methods (on both platforms)
Addition of follow-through dialogs to increase account security and enable users to self-help:
- We propose gamifying account security health to encourage users (new and existing) to add as many security factors as possible
- Users will be able to configure additional factors such as security questions and backup email in one place, once again enabling more opportunities for self-help
Status / Next Steps
- Prioritization/additional resources
- Test and validate with users/folding in research
- Engineering resources to gauge level of effort
- Further addressing Scenario 3:
- The technical recommendation is to limit privileges for MailChimp admins, to avoid security risks
- However, how might we empower users to better confront account ownership issues down the line?
- Ensure that the owner profile’s email address is always synonymous with the “Primary Contact”
- Provide content explaining how ownership works and opportunities for self-service