Lucas PettinatiPrincipal Interaction Designer

Re-experiencing information:

Dealing with user-submitted data

DEVELOPER NETWORK

Part One Part Two Part Three

The reality of what’s out there

“There are only two industries that refer to their customers as users.”

Edward Tufte

“Not only do we use the internet, we use it for self gratification as well”

We want instant gratification

It’s easy and cheap to switch providers

We lie to protect our identity

CC By Töei

Little white lies

Little white lies

Care to guess how many users chose “CEO” as their title?Out-of-context questions beg for deception

Fear is part of the reason we act the way we do

CC By thisisanicephoto

3.6 million US adults in 2007 lost$3.2 billion between 2006 and 2007

3.6 million US adults in 2007 lost$3.2 billion between 2006 and 2007

3.6 million US adults in 2007 lost$3.2 billion between 2006 and 2007

Remembering account details is difficult

Password generators make things... um, better?

Your Password:’<[2.S(0s6(¢9z1&

“The most common user activity of a web site is to flee as quickly as possible.”

Edward Tufte

Embrace user needs and leverage their natural behavior

CC By shades of mediocrity

Part One Part Two Part Three

Improving the essence of user registration

PreNeeds unique identifier

PostEncourages transactions

ImmersivePromotes usage

3 kinds of registration

Immersive Registration

Immersive Registration

Immersive Registration

Connect with your user

vs.

Connect with your users

Connect with your users

Connect with your users

Connect with your users

Connect with your users

Connect with your users

design_dude

Ask only necessary questions

Ask only necessary questions

Ask only necessary questions

Only use unique IDs if necessary

CommunicationNeeds unique identifier

Banking & FinanceIncrease security

Only use unique IDs if necessary

CommunicationNeeds unique identifier

Banking & FinanceIncrease security

CommerceNo meaningful need

Only use unique IDs if necessary

CommunicationNeeds unique identifier

Banking & FinanceIncrease security

CommerceNo meaningful need

Use email or another common ID

@@

Respect your user’s locale

Respect your user’s locale

Use CAPTCHA wisely

CompletelyAutomatedPublicTuring test to tellComputers andHumansApart

• Provide audio version for the visually impaired

• Allow user to request a different image

• Beware of color-blindness limitations

• Use CAPTCHA to protect commodities like usernames

Part One Part Two Part Three

Dealing with forgotten credentials

The circle of online life

The circle of online life

Register Use Forget

The circle of online life

Register Use Forget

EmailSends email with current or temporary password

• Quickest method

• Assumes user controls their email account

ChallengeAsks for answer to a secret question in order to reset password

• Prone to repeated errors

• Works best when account information is up-to-date

• Predefined questions often have easy-to-guess answers

• Custom questions often contain, describe, or state the answer

ForensicConfirms account activity and details in order to reset password

• Verifies actions only known by the account owner

• Safest method

• Most difficult to implement

Account recovery mechanisms

Email recoveryPut the user in control

Email recoveryPut the user in control

Email recoveryPut the user in control

Email recoveryPut the user in control

Not asking for email address adds uncertainty

Challenge recoveryThink of life events

Since graduating from college I’ve had different:Postal codes 12xPhone numbers 6xEmployers 4xMoves 4x Cars 3xVacation spots 2xPets 2xFavorite food 1xFavorite movie 1x

Challenge recoveryThink of life events

Since graduating from college I’ve had different:Postal codes 12xPhone numbers 6xEmployers 4xMoves 4x Cars 3xVacation spots 2xPets 2xFavorite food 1xFavorite movie 1x

Forensic recoveryBe flexible

≠

Allow alternate paths

Allow alternate paths

Allow alternate paths

1

X1

ERROR

Account is

Locked

X2

ERROR

Password

Cannot be

Recovered

HELP

Customer

Care

LinkContact Customer Care

URL has .intl

argument

LinkForget your ID or password?

No{assume US}

Redirect to

KR account

recovery

.intl = KR

Set local to

US in English

Set INTL to

proper locale

Yes

Yes

No

1.1

What did you

forget?

CAPTCHA

Match

Inline Error

CAPTCHA

message

ButtonContinue

10

Forgotten

ItemForgot Password

Forgot Y!ID

Yes

1.0

Sign In No

Forgotten

Item

Forgot Password

Forget Y!ID

2

ID Exists

Access User

Yes

ID is a

disposable

email ID

VZ

Supersized

Y! ID

No

Yes

Rogers User

Yes

No

Yes

ERROR

Y! Access

InstructionsNo

ID

deactivated

No

No

Inline Error

No Y!ID

message

Alt Email in

UDB3Yes

Y!ID is

"Unrecoverable"

No

No

No

CAPTCHAForgotten

Element

Redirect to

"ID intl"

AR flow

ID intl differs

from .intlNo

Qualified

address list

size

1 or more

Zero

START

Next

email

address

Expired

Alt Email

Address

Disavowed

Alt Email

Address

Active or

Deactivated

Alt Email

Address

supplied at

registration

Address does not

qualify for ARNo No

No

No

Yes

YesAdd address to

list of qualified AR

email addresses

Qualified backup

email addresses

for AR

Yes

No

Yes

Yes

END

More

addresses in

master list

All backup email

addresses for AR

Yes

YAR Lockout?

No

Yes X1

Yes X2

Inactive

Alt Email

Address

Yes

No

*Always display CAPTCHA on error states

Yes

Increment AR

Badness counter

X3

Yahoo! ID

1.2

Confirm

Mobile Identity

Mobile

User?

Redirect to

Mobile

Process

Yes

DOB

ButtonContinue

No

X4

ERROR

Contact

Taiwan CC

.intl = TWNo

Yes

Taiwan YID Yes X4

AR possible

from .intlYes

Yes

No

Yay, we’re almost done

Summary

Summary

MINDSET

• Users want to retain their privacy and may be worried about ID theft

REGISTRATION

• Build a relationship prior to or with registration

• Be personable — use humor if appropriate

• Explain the value of questions if they may be seen as out of context

• Use an immersive registration process when possible

ACCOUNT RECOVERY

• Put the user in control of account recovery

• Remind users that their account may contain old information

• Use human support when possible

Lucas Pettinatilucasp@yahoo-inc.com

Thank you.

Questions?

DEVELOPER NETWORK