dealing with user submitted data
Post on 17-Oct-2014
DESCRIPTION
This presentation was delivered at the IA Summit 2008 in Miami, FL.

The wide-spread adoption of web-based services has helped people organize information, connect with loved ones, and share data through an electronic medium. This convenience, however, has spawned a massive proliferation of single-purpose user profiles, closed data repositories, and endless login credentials. Not surprisingly, people are quickly becoming less tolerant of experiences that require large quantities of personal information upfront.

Deciding what information to ask a customer when creating an account is a literal balance between user needs and business needs. Users want to protect their privacy and provide as little information as possible. The business, on the other hand, wants to learn who their customer is, and ask as many revealing questions as possible.

In this session, I will draw from my experience in redesigning the Yahoo! registration and account recovery systems. I will also show examples from other web sites, and suggest techniques to apply toward common IA and Interaction Design challenges faced in designing membership frameworks.

This session will discuss the following topics:
• Making registration painless for your customers
• Encouraging accurate and truthful data entry
• Keeping the bad guys out but allowing for password recovery

TRANSCRIPT
Lucas Pettinati
Principal Interaction Designer
Re-experiencing information:
Dealing with user-submitted data
DEVELOPER NETWORK
Part One Part Two Part Three
The reality of what’s out there
“There are only two industries that refer to their customers as users.”
Edward Tufte
“Not only do we use the internet, we use it for self gratification as well”
We want instant gratification
It’s easy and cheap to switch providers
We lie to protect our identity
CC By Töei
Little white lies
Care to guess how many users chose “CEO” as their title?
Out-of-context questions beg for deception
Fear is part of the reason we act the way we do
CC By thisisanicephoto
3.6 million US adults in 2007 lost $3.2 billion between 2006 and 2007
Remembering account details is difficult
Password generators make things... um, better?
Your Password:’<[2.S(0s6(¢9z1&
“The most common user activity of a web site is to flee as quickly as possible.”
Edward Tufte
Embrace user needs and leverage their natural behavior
CC By shades of mediocrity
Part One Part Two Part Three
Improving the essence of user registration
3 kinds of registration
• Pre: Needs unique identifier
• Post: Encourages transactions
• Immersive: Promotes usage
Immersive Registration
Connect with your user
vs.
Connect with your users
design_dude
Ask only necessary questions
Only use unique IDs if necessary
• Communication: Needs unique identifier
• Banking & Finance: Increase security
• Commerce: No meaningful need
Use email or another common ID
Respect your user’s locale
Use CAPTCHA wisely
Completely Automated Public Turing test to tell Computers and Humans Apart
• Provide audio version for the visually impaired
• Allow user to request a different image
• Beware of color-blindness limitations
• Use CAPTCHA to protect commodities like usernames
Part One Part Two Part Three
Dealing with forgotten credentials
The circle of online life
Register Use Forget
Account recovery mechanisms
Email: Sends email with current or temporary password
• Quickest method
• Assumes user controls their email account
Challenge: Asks for answer to a secret question in order to reset password
• Prone to repeated errors
• Works best when account information is up-to-date
• Predefined questions often have easy-to-guess answers
• Custom questions often contain, describe, or state the answer
Forensic: Confirms account activity and details in order to reset password
• Verifies actions only known by the account owner
• Safest method
• Most difficult to implement
Email recovery: Put the user in control
Not asking for email address adds uncertainty
Challenge recovery: Think of life events
Since graduating from college I’ve had different:
• Postal codes 12x
• Phone numbers 6x
• Employers 4x
• Moves 4x
• Cars 3x
• Vacation spots 2x
• Pets 2x
• Favorite food 1x
• Favorite movie 1x
Forensic recovery: Be flexible
Allow alternate paths
[Flowchart: Yahoo! account recovery (AR) flow. Node labels that survive extraction include: “Forget your ID or password?” link; .intl locale check and redirect; “What did you forget?” (Forgot Password / Forgot Y!ID) with CAPTCHA; ID Exists; ID deactivated; Y!ID is “Unrecoverable”; qualification of alternate email addresses for AR (expired, disavowed, inactive, active or deactivated, supplied at registration); YAR Lockout?; Increment AR Badness counter; Confirm Mobile Identity; error states “Account is Locked” and “Password Cannot be Recovered”; Contact Customer Care.]
*Always display CAPTCHA on error states
Yay, we’re almost done
Summary
MINDSET
• Users want to retain their privacy and may be worried about ID theft
REGISTRATION
• Build a relationship prior to or with registration
• Be personable — use humor if appropriate
• Explain the value of questions if they may be seen as out of context
• Use an immersive registration process when possible
ACCOUNT RECOVERY
• Put the user in control of account recovery
• Remind users that their account may contain old information
• Use human support when possible