Old legacy systems, content-heavy sites, and a formidable lack of web standards make interacting with government sites frustrating.
But how can we interact with them if we can’t get into them in the first place?
CHALLENGE
Up until 2018, account and password issues consistently comprised nearly 50% of Help Desk tickets for an internal U.S. government system that manages training and certifications for over 250,000 government employees.
ROLE
In collaboration with Help Desk, Program, and Development teams, I spearheaded the research and UX efforts.
SOLUTION
Through qualitative feedback insights and usability best practices, we rethought and redesigned the way users are being asked to reset their password by taking out the frustration and guesswork out up front.
Within three months of deployment, help desk ticket count for account and password-related items went down from 49% to 21% and the trend is continuing through 2019.
Let’s put ourselves in the user’s shoes.
We are federal government employees that hold certifications as it relates to our acquisition-related career fields. We use an internal application to enroll in training courses so that we may maintain those certifications to stay up-to-date and effective.
Enter stage left: FAITAS. The training application system that sometimes gets called ‘fajitas.’ Tacos, anyone?
There are over 250,000 of us. And we use FAITAS for a wide gamut of tasks from enrolling in classes like FAR Fundamentals and Contract Planning to managing our warrants for million-dollar procurement budgets.
If we’re in leadership positions, we log into the system almost everyday as we manage employees and it’s our responsibility to approve their requests. Other folks might log in few times a month to check on where things are at during the approval process, but the majority of us log into FAITAS maybe one or twice a year.
If we’re ahead of the game, we know to update our password every 90 days. We get numerous emails reminding us to do so, but really, who has time for that? We have meetings to prepare for.
The day finally arrives where there’s no way out. We HAVE to log into FAITAS. We knew it was coming. If we don’t, we’ll miss the enrollment deadline and if we don’t take the courses required, we’ll lose our certification and if we aren’t certified we can’t lawfully perform our duties ….
Shoot - where did I put that Post-It note with my password? Is it in a drawer somewhere? Maybe a manila folder? I saw it somewhere….
Well, crap.
Okay. Don’t freak out. Maybe there’s another way to enter? This could work. Let’s see what happens when we click ‘Forgot Password.’
Hm. Did my parents meet in Durham or Greensboro? Should I call Mom? Ah, then I’ll be on the phone for an hour. “Yes, mom, the kids are eating well, don’t worry. Yes, Natalie is still playing soccer. I know. You wanted her to play the violin…”
Well, great. Now I’m locked out. But at least I get this large paragraph of text:
“If you are unable to verify your identity using the online Password Reset process, please call the FAITAS Help Desk at (703) 752-9604 between the hours of 7:30 AM – 5:30 PM Eastern Time, Monday - Friday. The FAI CSS Team is required to verify your PII (Personally Identifiable Information), by phone, to verify account ownership. Please do not send any PII via email or Help Desk ticket.”
…. what.
Okay, fine. Let’s see if there’s a human on the other side of this line.
“Can you please confirm your government-issued e-mail address?”
“Sure. It is ….”
“Can you confirm your SSN?”
“Okay, here it is….”
“No sorry, your full SSN.”
“Seriously?”
“Yes, that is correct. We need to confirm all digits due to privacy regulations.”
“Ugh. Is this safe?”
“And your date of birth?”
“Are you still there?”
You’ve got to be kidding me.
Source: www.unsplash.com
That’s a lot of unnecessary frustration and time lost that directly impacts employee productivity and ultimately impacts taxpayer dollars.
Let’s start by uncovering some problem areas through qualitative research.
“I just changed my password. I am not able to log-in. FAITAS says my account needs to be approved or un-suspended.”
“Hi, I signed on to my account and failed one of the security questions - not sure which one. I would like to download the FAC-COR Level 1 certification form. I am in a one week class on the 4th day, and would like to give my completed form to the rep at the end of the class. I probably need access to my account in order to select a supervisor. Since I am currently in the class (currently on lunch break), email is the best way to reach me. Also, the help desk phone number was not in service. ”
“The system would not accept my SSN.”
“I am not sure if my username or password or both are incorrect. It just says error. How am I supposed to know which one to reset?”
“I created an account and received supervisor approval. I went to log on this morning to upload my certificates and received a message saying that my account has been suspended. ”
“Good morning. I need to update my e-mail address/user name in order to complete the courses necessary to maintain my FAC-C certification. I am currently employed by the Executive Office of the President, and my email address is [email]@omb.eop.gov. However, when I initially opened my account, I was employed by the U.S. Department of Veterans Affairs (VA), and my email address was [email]@va.gov. I attempted to create a new account but it appears that my social security number is tied to my VA email address which I no longer have access to. Thanks in advance for your help. ”
“As a supervisor I rarely come to this site, so when I need to provide approval or certification I have to start over. I cannot remember my username or password. I need to provide certification for one of my employees. Please direct me how to get back onto the system. ”
“I tried to reset my password it didn’t recognize me. I tried to register it didn’t recognize it. I have two employees who selected me as their supervisor I can’t acknowledge it. Please let me know what I need to do.”
“I can’t seem to log in...entered my pw wrong a couple of times...not sure if i’m locked out, or if I actually have the wrong password..think its just locked out.”
Who are the real people behind the tickets?
I looked up the job descriptions for some of these roles and here are a few that stood out:
Acquisition Program Analyst, Office of the Secretary of Transportation
Acquisition Program Manager, U.S. Air Force
Learning Director, Defense Acquisition Management
General Engineer, U.S. Army Acquisition Support Center
Customer Liaison Director, General Services Administration
Contracts Specialist, General Services Administration
Computer Scientist, U.S. Army Acquisition Support Center
Personas
Interviews
Discovery
Tell me a little about your role
What does your typical workday look like?
When do you normally first use the internet in a typical day?
What are some of the sites you visit the most to perform your job?
Contextual
How often do you log into FAITAS?
What is your relationship like with FAITAS?
Tell me a little about how you log into the system
How much time do you typically spend in the system?
What kind of tasks do you perform?
Usability
What do you think of the password reset process?
Have you ever had any issues getting into the system? Follow up: Tell me a little bit more about that experience
Would you recommend this page to a friend?
How does it compare to another page?
If ‘Update Account’ was a car, what car would it be?
If you were to give this page a score from 0-10, what would it be?
What feature could you not live without?
How can we improve?
FAITAS Help Desk Interviews
“I would give it a 5. It’s not useless if you’re aware of the idiosyncrasies. There are only 2 things. It’s not obvious to change the email address. The old password cached can run into issues. The language for invalidity is not specific.”
“I would not recommend this page to a friend because of the confusion that tests your sanity. When they get an invalid message saying their old password is wrong even though they accurately logged in with their old password. ”
“If this page was a car, it would be like when the dealer says the highway mileage is a certain amount, once you buy the car, turns out it’s a different amount. ”
“I would give it a 5 only because it does update the password but the process of updating and the communication given is confusing. ”
“How would I describe this page? Ambiguous. Bland. Vistigual appendage. Important but underutilized. ”
“If this page was a car ... Honda. Because everyone has to touch it as some point to get to their account. ”
“I don’t think I like anything about this page. Not even the button. It turns yellow when I hover. That’s not friendly. ”
“Umm. Maybe an improvement idea ... I mean, do we really need them to authenticate their old password if they’re already logged in? ”
“If this was a car ... Ford Nova. It break down all the time. ”
“And for the Security Questions, the format sensitivity. It was built to reduce helpdesk calls but it’s actually creating more. They forget their answers, they forget the answer formats. ”
Before I ran off to make wireframes, I interviewed the Development Lead on what is and what is not feasible:
“Ok, we can remove the Privacy Act.”
“Ok, not necessary to update email at the same time as password update. We can allow them to focus, I understand why it’s confusing.”
“Security consultant demanded we separate the two blocks … but I don’t remember why.”
“Security questions materialized because someone logged into someone’s old account.”
“Ok to add a happy confirmation page ‘You’ve got 90 days until you have to reset your password.’”
Remember this page?
Updating passwords doesn’t have to induce paralyzing doubt and frustration
Let’s be clear about what we’re asking users to accomplish. If the task is to update their password, let’s label the page exactly that - “Update Password.” Remember the Unix Philosophy? Do one thing and do that one thing well.
Remove long Privacy Notice that no one is reading. We already show that when they first create their account.
"Old Password" label is confusing. Old in relation to when? A light copy change to "Current Password” will increase clarity and mitigate state confusion.
Award user when they enter correct current password with a green check mark.
Remove field for e-mail address. No relation to task being performed. Create separate place for e-mail.
Find a different way for users to interact with password parameters instead of typical “read the directions.”
Allow users to hide and unhide password so they can see what they are typing.
Apply Principles of Gamification to let the user feel like they are progressing.
Show this error message after user is done filling out the field, not before and certainly not while they’re typing.
Once user successfully enters all parameters, the 'Update Password' button becomes active.
