Are you keeping up? Five ways to test your customer sign-in experience
If you're in fashion, retro can be a good thing. For car collectors, the word vintage adds value. But when a website asks for your password, a form or an experience with that yesteryear kinda feel can instantly sap your sense of trust.
To help you guard against a login feature faux pas, we pulled together a checklist of questions so you can see how your website stacks up against modern sign-in processes.

There are five big areas you want to look at.
1. How modern is the overall experience?
Before you pop the hood and start looking at the engine, zoom out and assess the big picture. Examine things that span the entire customer sign-in journey by asking these questions:
How many sign-in buttons do you have on your site?
Spoiler alert. If you've got more than one, you've got too many. It's still common for sites to have multiple sign-in options for different brands or to have one for customers and another for partners. But best practice is to keep it as simple as possible and offer one sign-in option for everyone. Then, once your customer enters their username, send them down the right path.
Are you serving up a mobile app-first experience?
A growing percentage of online shoppers prefer smartphones over desktops, especially in certain age and income demographics. So if you're not making it easy to complete every step in the customer journey on a mobile device – especially enabling biometrics (aka FaceID and TouchID) – it's time to modernize.
Are your password requirements right-sized?
Does your site impose old school, workforce-driven policies like forcing customers to change passwords every 90 days or demanding crazy-long passwords? If so, you may be defeating the intended purpose.
For one thing, onerous requirements like this aren't more secure. They just create more friction. Worse, they can drive customers to bad behaviors like reusing passwords from other sites.
A modern approach prompts password changes only when your regular sweeps flag a breached password, and keeps password length to 10-15 characters.
Have you split the username and password screens?
If you require customers to enter all their info on one screen, you're missing an opportunity … actually you're missing five opportunities to deliver a better AND more secure experience.
Now that you have a sense of how your site looks from 30,000 feet, let's dive into the four major parts of the sign-in journey, starting with how your customers register and create new accounts.
2. How modern is the customer registration process?
It's the moment of truth. When a new customer clicks the "create account" button, what percentage gets through the process? How many get started but abandon the effort depends on their perception of how hard it is and whether it's worth the hassle. Here are some questions to figure out if you're using best practices.
Do you allow social login?
Like other registration options that don't rely on passwords, social login eliminates friction and beefs up security – chiefly because a password that doesn't exist can't be hacked or stolen. Done right, social login comes with other benefits for brands, too.
Do your forms have unnecessary fields?
Like beauty, "unnecessary" lies in the eye of the beholder. If users feel burdened by your forms – especially if you ask them to provide the same info more than once – you'll see drop-off in your flows. Think like a customer and minimize the number of fields you collect up front.
You can always ask your customers for more info the next time they log in. For now, just help them get that new account created.
Do your sign-up forms look like they belong to your brand?
We've all had that whiplash moment when you click the "register" button and it sends you to a screen that looks completely different. Trained to sniff out phishy schemes, customers often abandon the process when they get that "I'm not in Kansas anymore" feeling. Even so, this suboptimal practice isn't uncommon because many third-party CIAM systems vary in their ability to reflect the look and feel of your brand's website.
For a smooth experience that reinforces a sense of security and trustworthiness, make sure every form looks like it belongs on your site.
Do you support password managers?
Until passwordless everything is a reality, your security-conscious customers – 30% globally, according to the latest World Password Day Survey – will keep relying on password managers. So make sure your forms accept copy/paste and allow autocompletion of addresses and other info stored in password manager apps. If you don't, your customers may revert to reused or easier-to-hack passwords. Or worse, they could click over to a competitor.
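An added example, not part of the original article: a small Node.js check that scans sign-in form markup for the attributes that stop password managers from filling or pasting credentials. The sample form and the function names are constructed for illustration, and the regex-based parsing assumes simple markup with no `>` inside attribute values.

```javascript
// Added example: SAMPLE_FORM is constructed markup, not taken from any real site.
const SAMPLE_FORM = `
<form action="/login" method="post">
  <input type="email" name="user" autocomplete="off">
  <input type="password" name="pass" onpaste="return false">
  <input type="password" name="new_pass" autocomplete="new-password">
</form>`;

// Turn one <input ...> tag into an object of lowercase attribute names and values.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input/i, "").replace(/\/?>$/, "");
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? "").trim();
  }
  return attrs;
}

// Return one finding per attribute that gets in the way of a password manager.
function auditForm(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const type = (a.type || "text").toLowerCase();
    // Only credential-style fields matter here; skip hidden inputs, checkboxes, etc.
    if (!["text", "email", "password"].includes(type)) continue;
    const field = a.name || a.id || "(unnamed)";
    const hint = (a.autocomplete || "").toLowerCase();
    // autocomplete="off" asks the browser not to offer stored credentials.
    if (hint === "off") findings.push({ field, issue: "autocomplete-off" });
    // Inline handlers that cancel the paste event block pasted passwords.
    if (/return\s+false|preventDefault/.test(a.onpaste || "")) {
      findings.push({ field, issue: "paste-blocked" });
    }
    // Password fields should say whether they hold an existing or a new password.
    if (type === "password" && !/\b(current|new)-password\b/.test(hint)) {
      findings.push({ field, issue: "no-password-hint" });
    }
  }
  return findings;
}

console.log(auditForm(SAMPLE_FORM));
```

Paste blocking attached from script rather than an inline `onpaste` attribute will not show up in static markup, so a manual paste test on the live form is still worth doing.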
Are there dead-ends in your registration process?
When my 401K moved and I went to the new bank's website to register, I only saw options for new accounts, not migrated ones. After a few clicks, I lost patience and called customer service. Ugh.
A modern registration experience guides the user into the appropriate flow and never leaves them hanging (or fumbling for their phones to call your help desk).
3. How modern is your authentication process?
Now that we've taken a look at the account creation process, let's look at something your customers do a lot more often – signing into their accounts.
Do you automatically transition a new customer from registration to authentication?
It's funny how many brands don't do this. Each of their newly converted customers, who literally JUST entered all their information and clicked submit, gets routed not to a screen that lets them browse or engage…but to a login screen. Where they have to do it all over again.
The transition from reg to auth is an excellent place to eliminate friction for the new customer. They've knocked on your door and introduced themselves. Let them in already!
Do you ask your customers to create challenge questions?
What was the name of your first pet? What was the name of your high school mascot? If you're asking customers to create these sorts of questions, I've got news for you: 2002 called and it wants its login experience back.
Seriously, though, newer options like multi-factor authentication (MFA), Face ID and Touch ID make these questions obsolete. Speaking of which …
Do you allow users to use passwordless MFA (without forcing it)?
For customers who've adopted a Face ID/Touch ID digital lifestyle, passwordless is just the way they roll. Security-minded users understand the value of MFA. They don't want it forced – say, before they've decided to make a purchase – but they absolutely want the option to authenticate this way.
Kudos if you're letting your customers take full advantage of biometrics available on their devices so they can sign in the same way they unlock their phones. You also get full marks if you can send customers a single-use passcode so they never have to create a password for your site.
4. How modern is your account maintenance flow?
News flash! Calling your 1-800 number to update their account isn't on your customer's bucket list. How easy do you make it for customers to manage their own accounts online (or get an alert if someone is doing it when they shouldn't be)?
Can your customer update their account info?
Go to the "account info" section after you sign in. What fields can your customers update? Hopefully the answer is: a lot. If so, when customers update their info does it update your customer databases like your CRM or CDP? If the answer is also "yes" you're in good shape. If not, ask "why?"
Do you alert customers for every account change?
Initial registration, password resets, MFA attempts, new devices logging in. Anytime something new happens or account info changes, the best practice is to send your customer a notification. This enlists your customer in detecting fraud and – when the changes are legit – it builds trust and confidence in your site.
Is account recovery self-service?
In a perfect world of modern online transactions, no customer would ever forget a username or password. Until that world arrives (and we're working toward it every day), customers need simple tools to reset their passwords. If your customer service team is fielding lots of password calls, there's probably an opportunity to step up your game. (And if so, here are 4 tips for moving your account recovery process online).
5. How modern is your consent management?
Last but not least, take a look at how you manage customer consents. These days customers expect (and many privacy regulations require) that customers have control over what information companies have and how they use it. Here are a couple quick questions to see where you stand.
Are all your consents implicit?
At any point in the journey, you may need to ask your customer to accept terms and conditions, verify their age, agree to receive marketing emails, or otherwise consent to something. Lots of brands treat all consents the same, often with fine print that says, "by using this site you agree to everything we want you to."
Forcing customers to agree isn't exactly a great way to start a long and trusting relationship.
In a post-GDPR world, consent management is tricky. So tricky that we wrote a whole beginner's guide and chased it with 5 questions to help make sure that your legal team AND your customers will be happy with your consent flows.
Can customers revoke consents?
In short, if you collect consents up front but users can't change them afterwards, you're out of date. Full stop.
If keeping up with all this sounds like a full-time job, that's because it is. (One we happen to love.)
What to do next
Your next step is to download our scorecard, 20 ways to test your customer sign-in experience, to see where your time is best spent to up-level your customer sign-in experience.
Then, if you're ready to bring on a CIAM solution that delivers a fully modern experience and has a roadmap for the future, give us a call. We'd be happy to help!
