This is an academic project for the course Interaction Design Practice. We worked on 1Password, which is a desktop app that allows users to create strong, unique passwords. The aim was to encourage users to use the password generator to create strong, unique passwords.
I participated in the research, problem solving, and usability testing, and was mainly responsible for interaction design and visual design.
ABOUT THIS PROJECT
Users just store their original passwords using the product without making an attempt to strengthen them.
USER WORKFLOW ANALYSIS
Current Workflow is Complicated, and Not Intuitive.
1Password provides a desktop app and a web browser plug-in for users to create and store their passwords. To understand why most users tend to just store their original passwords instead of strengthening them, we analyzed the current user flow of two use cases:
1) Change password for an existing account
2) Sign up for a new account using password generated by 1Password
What we found was that the changing process is complicated, and that the web browser plug-in did not act proactively when needed.
Change password for an existing account
Sign up for a new account
Why would users want to go through those steps to do an easy thing?
"It's Inconvenient, And I Trust My Brain More"
User flow analysis of the current experience gave us an initial understanding of the problem. We still wanted to dig deeper: what do 1Password users think of the experience, how do they normally use it, and most importantly, why? Semi-structured interviews were conducted with 3 users. Below are some of the quotes from the interviews:
"I have used 1Password for 2 years, and I think it's doing a good job. One thing that bothers me is that when I use a public computer, I will need to look at my 1Password mobile to find the password if I don't remember it. So I also need to memorize my important passwords."
"I use a rotating set of about 6 different password roots with varying combinations of numbers and capitalization for all the accounts I care about or have sensitive info. Then for all the other internet nonsense I use a weak password (social sites, forums, ... i.e. anything that is replaceable). My passwords are something people would not even think about, it works perfectly for me."
"I am bad at memorizing passwords so my friend recommended 1Password to me. It is convenient for storing passwords, but changing a password is not convenient at all. It is really confusing. And I don't really want to use those random strings as my passwords."
Trust? Actually Memorability
People trust their own brain much more than they trust 1Password. Why? It scares people with long and weird strings, and they worry about remembering them. This is the main reason that people trust their own passwords, which they can memorize.
Users are not aware of the security problem of passwords, which means the product itself doesn't do enough to motivate users to strengthen their weak passwords by using the generator.
The Password Generator is hidden in both the desktop app and the web browser plug-in. How would users think of it, even when they want to strengthen their password?
They Don't Use Password Generator Because...
Strengthening an old password takes too many steps and is not intuitive enough for novice users to follow.
Design for Security and Design for Convenience
From user interviews we found that there are two different use cases: important accounts vs. unimportant ones. How can we address different goals based on different use cases? We came up with different ideas for each goal and iterated on them.
For important accounts, such as Chase or Amazon, users care more about security, which makes password-changing behavior possible. Streamlining the password-changing process and reducing the memorization load should be the main design goals here.
For unimportant accounts, users care more about convenience, which means they are less motivated to change old passwords. Simplifying the sign-up process for those unimportant accounts can be the design opportunity here.
A notification number on the desktop app icon draws the user's attention.
When the app is opened, insecure accounts are categorized under "Insecure Items". The security level of each password is presented in the list with strength bars, so users have a holistic view of their passwords' security situation.
In the detail page of an account, the "Strengthen" button right beside the password will direct users to the corresponding website.
Easier to Remember
Once users go to settings on the website, the 1Password icon will show on the text field for entering the new password. Clicking the password text field will trigger the password generator to pop up right beside the text field. This not only streamlines the process, but also makes the password generator more obvious to the user.
What's more, by checking "Based on my old password", users will be able to add an extra string of letters to their old password. This not only strengthens the password, but also makes it possible for users to remember the new password.
When users register for accounts they care less about, for example, registering to download something, they can simply click on the 1Password icon near the email text field, then use one of their frequently used emails. A strong, unique password will be generated and stored in 1Password. This way the registration process is largely streamlined, and the usage of the 1Password Generator is promoted.
Rapid Iterative Testing and Evaluation (RITE)
We evaluated our initial ideas based on our research results and technical feasibility, and asked for feedback from different people. One of the biggest challenges was designing for memorability. We thought about using combinations of meaningful words and creating variations based on old passwords. We decided to go with the idea of adding a word string after the old password: similar to using a password hint, it's easy for people to understand and possible to remember. Paper prototypes were made and we ran 3 rounds of usability tests utilizing the RITE method.