Self-serve password reset

Password reset

Raisin GmbH

Berlin-based FinTech Raisin GmbH is a trailblazer for open banking in the deposits and investments space. Available in the US and across 28 European countries, Raisin is consistently named one of Europe’s top five FinTechs and is backed by investors such as Goldman Sachs, Deutsche Bank and PayPal.

Date: 2022
Role: UX/UI Research and Design · Permanent
Team: Product Owner (Berlin), Technical Research & Discovery Team (Berlin), Front-end Software Engineers (x2 Berlin), Back-end Software Engineers (x2 Berlin), Digital Marketing Manager (UK)

Background

I designed the self-serve password reset function to replace Raisin's previous process, which involved users manually contacting Raisin's Customer Service teams to request a 'change password' PIN letter to be sent physically to their home address in the mail. This process was both frustratingly inconvenient for the user and costly for the business, both time-wise and financially. My role was to research best practices and subsequently design a self-serve password reset function that resolved all of the issues associated with the manual process and which incorporated the principles of best practice for this type of function.

Research

During the research phase, I liaised with the Berlin-based UX and Graphics teams and shared my work-in-progress at 'Weekly Design Sync Huddles', which are basically remote ideation and feedback opportunities where all team members can share and align thought processes.

Huddle attendees contributed by adding comments and discussion points under the subheadings 'likes', 'dislikes', 'have you considered?' and 'I have a question', helping to establish a list of 'takeaway' points for design consideration.

[Images: Raisin password reset screens 1 - 4; Raisin password reset screens 5 - 8; Raisin password reset emails]

Designing the interface

  1. The first step was simple: adding the 'Forgot your password?' link to the relevant section of the login screen.
  2. The first screen in the forgotten password journey is often met with frustration and potentially a little embarrassment on the part of the user, therefore I wanted to use an understanding, lighthearted tone of voice in the initial dialogue; hence 'Don't worry, it happens!' as an introductory message of reassurance. The user is prompted to enter the email address associated with their Raisin Account in order to receive a reset link via email. Submitting the email address triggers the actual email (refer to image A) and displays screen 3.
  3. The user is prompted to check their email inbox (or junk mail) in order to access the reset link email.
  4. Once the user clicks the 'Set new password' link in the email, they are returned to screen 4 in the reset flow where they are guided through the process of creating and confirming a strong, new password. This constitutes the first authentication, as part of the two-factor (2FA) process used to verify the user.
  5. Clicking the 'Reset password' link loads screen 5, where they are prompted to confirm their identity by sending a verification code to their mobile phone. This is the second authentication in the 2FA process.
  6. Users enter the verification code which was sent to them, click 'Continue' and are taken to screen 7. A large proportion of Raisin's users are quite elderly, potentially falling into a 'vulnerable' category, therefore we anticipated potential issues whereby verification code and mobile phone familiarity could become obstacles in the process for some users. I added a 'Try another way' link, which takes users to a Customer Services page where they can receive direct assistance from trained Raisin staff.
  7. At this point, the user has completed their password reset and they are rewarded with a large, green affirmation. The user also receives a 'success' email (refer to image B) as a second confirmation of successful password reset.
  8. The 'Go back to login' link loads the login screen once more, where the user's email is now pre-entered and the cursor is pre-positioned in the password field, ready for the user to type in their new password and complete their login.

The technical implementation of the password reset function relies upon an open source identity and access management software tool and the user flow is designed to take advantage of the innate security features of this tool.

The new functionality was rolled out group-wide, across all Raisin platforms in Q2 2022, greatly improving both the experience for users and internal business processes.

The issues associated with the old process

  • Manual process, taking several days to complete
  • Negative impact on CS time (2021: 11,000 requests for manual resets)
  • Provides a poor user experience
  • High cost to maintain
  • Less secure; manual intervention

The value I added with the new, self-serve process

  • Faster process taking just minutes to complete
  • No impact on CS time
  • Provides a superior user experience
  • Lower cost to maintain
  • More secure (2FA); no manual intervention
