MyMassGov

Integrating a passwordless login experience

Web Application
Project Overview
How might we give users the option to log in without a password, while still preserving the password option? During my summer internship at the Massachusetts Executive Office of Technology Services and Security, I worked with a research and design team to integrate a passwordless login experience to MyMassGov, a secure service that allows members of the public to use a single account and password to sign in to all participating Massachusetts state services and applications.
Skills
  • Using a design system
  • Competitor research
  • Designing with technical constraints
Team
  • Me: resesarch, design
  • 1 researcher and designer
  • 2 designers
Timeframe
2 months
What is MyMassGov?
Currently developed and maintained by the Massachusetts Executive Office of Technology Services and Security, MyMassGov is a secure service that allows members of the public to use a single account and password to sign in to all participating Massachusetts state services and applications.
Project Stages
🔎  Research
📝  Design
↪️  Outcome and Takeaway

1.

Research
How is passwordless login being implemented on other sites and services?

I scoured the web for sites that use passwordless login. Examples I found included Chewy, Roblox, Levi's and Walmart. Our project manager wanted an example of a site that had the email input field on a separate screen, and Walmart was the only flow that matched that condition.

What are best practices for passwordless login?

I consulted various articles for information on best practices for a passwordless login experience. Here's what I found:

🔍 Findings

  • Having a passwordless sign-in option is itself a UX best practice for sign-in
  • Many sites use OTP for Two-Factor Authentication, which is requiring an OTP in addition to username and password
  • Two common options for displaying field where user enters OTP: separate boxes and single input field
  • Most sites that were surveyed display email and password input fields on same page
Flows

I documented the basic flow that I saw across multiple websites, as well as the MyMassGov forgot password flow, which also utilitzes a one-time code.

2.

Initial Designs
Design Roadmap

Our design journey was iterative and, although linear storylines are vulnerable to oversimplification, this roadmap is a rough overview of our process.

Exploration

Although we liked Walmart's radio buttons design, we explored other options, and I mocked up a version of the first screen using bullets and an accordion-style dropdown.

Bullets
Accordion

While both designs conveyed the correct hierarchy for the user making a choice with two options, neither design had one clear call to action. We returned to radio buttons, as used by Walmart. However, for users entering a password, this approach lengthened the flow by one screen. When we tried putting the password entry on the same screen as the radio buttons, the button text became vague. In Walmart's example, the button text changed dependent on which radio button was selected, but our team was informed that our platform could not have that functionality.

Furthermore, after meeting with the lead developer for our project, we were informed of additional technical constraints. Our platform, Azure, used very specific templates, and our designs did not fit into any of the templates. Thus, facing this problem, we began another phase of exploration.

In our best iteration at this stage, we added the link to use a one-time code below the main call to action (CTA). However, there were several problems with this design:

  • Introduces another CTA, among an already large number of CTAs
  • Very limited on placement of CTA
  • No way to present it as a choice between two CTAs
  • No room for explanation of one-time code method

Another option that would not require the addition of another CTA would be to make use of one of the current CTAs, such as the "Forgot password" link, and incorporate the one-time code flow into the existing "forgot password" flow.  At this point, our team faced 4 options:

We decided that the most efficient and clear option was to adjust the "Forgot password" flow to incorporate signing in with a one-time code.

SOLUTION

Integrate the one-time password into the “Forgot password” flow, allowing users to sign in directly after entering the verification code

  • Users won’t need to create a new password before they can get into their account
  • Login with password flow is unchanged

This solution involved a copy change on the main login screen, and the addition of a new page with radio buttons that was presented to the user once they had verified their identity.

New Page

3.

Outcome and Takeaways

OUTCOME

The revised “Forgot password” flow has yet to be implemented

  • Team may switch from Azure to a different platform
  • Identity verification is being prioritized, and the passwordless flow may be integrated with identity verification

Takeaways

  • My first time working on a real, shipped project
  • I’m inspired by MyMassGov’s large potential impact
  • I loved working within a design system
  • I learned many Figma tricks and received great feedback from the senior designers on the team

←  

View previous project

View next project  

→

hey, check out this playlist!
LinkedInGitHubEmail