Project Summary‍

Yale was spearheading an effort to improve the online security of the Yale community by introducing two-factor authentication. The issue presented was that most users have used the DUO platform before in a very limited capacity, but we are now forcing them to use it potentially on an everyday basis. The backend technology of this was already set in place, but the security team at Yale reached out to the UX team in regards to the rollout process.

‍

The Problem

The team was aware of the situation that most of our users are now going to be subject to a slight annoyance whenever they have to log into a Yale-supported application. The team wanted to minimize any possible pain points that the user could run into during this transition period. Another difficult aspect of this effort was the timeframe, we were given a small window of a month to create, test, and ideate a solution to help this issue.

Teaching Our Users

Admittedly, two-factor authentication isn't a light topic. We understood the task at hand and attempted to create an experience that a user could scan the page and gain a high level of understanding of what their future holds. We utilized the 5 W’s method which involved what to expect, when will I get prompted, why does this need to happen, and what do I do if I need help?

‍

System Status

The opt-in process had a few outcomes depending on the user’s account, which was determined by the back-end system. The UX team made it very clear in our designs that we wanted to make sure the user knew where they were in the process of opting in. As stated in Nielsen Norman 10 Usability Heuristics, the visibility of the system status was important to show to the user. This allowed the user to understand where they are in the process and determine what their next steps are. As shown in the image, we designed our progress meter at the top of the screen to outline the three-step process of opting into DUO.

User Flow

We learned very quickly that there would be a few different paths for our users based on their past experience, current devices added, and status of opt-in eligibility. To make sure we catch all of our use cases, we created a user flow.

‍

Adding More Devices

Due to the fact that users in the Yale community have used the DUO system in the past on a much smaller scale, they would possibly already have devices added. In the event that users might want to change or add new devices to make their experience easier, we decided to have the DUO account management page embedded into the review stage (step 2) of the opt-in process. 

One issue we ran into was the possibility of a user only having their landline as their DUO device. From a UX perspective, we viewed this as a red flag. With the new experience of having the user needing to use DUO in a bigger capacity, the UX team felt that users should not rely on one landline to authenticate every time they log in to applications. To address this, we recommended a back-end check to see if users fell into this group. We specifically addressed the need to add another device and included recommended user setups that had options that did not include landlines as their primary device.

Survey Results

On the final screen of the opt-in application, we added a user feedback survey where our users rated their experience 1-5 stars and had a text field to provide any additional comments. 

Responses: 16,000+

Rating: 4.6 Average

Word cloud of feedback:

‍

"Since the launch of DUO Opt-in in 2020, our instances of people using compromised NetIDs have dropped to zero." - Jeremy Rosenberg - Interim Chief Information Security Officer - Yale ITS

‍

‍