redesign the password/account handling on FMS "login"

[davewhiteland]

We know from our user testing (and another report yesterday) that this is confusing people, and has been for a long time.

I think it needs revisiting from a UX POV, not just rewording, and I am surprised to find there is no ticket for it. So now there is.

Most users (my quick analysis of the stats last year was 70% on the UK FMS) do not use the password; FMS deliberately does not present itself as an account-driven site. But we need to address this for the 30% (including "staff accounts") that do.

[abibroom]

Just my perception, but there seems to have been a recent uptick (post-Heartbleed I presume) in 'how do I change my password?' support.

Feedback from a commercial client:

I must admit I’m not sure how to myself as there is no ‘my account’ facility I’m aware of which allows for managing their password.

So how do you change your password? Our standard advice is currently:

When you next create a problem report or update simply go with the option that says 'No, let me confirm by email' and create a new password at that point. This will send you a confirmation email and clicking the link in that email will update your password for you. Alternatively, you can visit http://www.fixmystreet.com/auth?r=my and do the same (ie, choose the 'no' option and input your new password).

Gosh, it sure does beat me how the users don't manage to figure that one out.

User accounts and passwords should be manageable in the way people expect them to be.

[dracos]

You can just go to /auth/change_password when logged in. I don't know why that page isn't linked to from the Your reports page, for example, but that would presumably help somewhat...

[dracos]

The Your reports page now has a link to the change password page. I'm not saying I've fixed anything, but the standard advice can now be - go to "Your Reports", sign in if necessary (either by using your existing password if you know it, or by email if you do not) and click the Change password link.

[MyfanwyNixon]

Just adding a note here that if/when the log-in process does get scrutinised, we discussed offering a Facebook log-in.

A few more thoughts on this google doc, including a link to 'anonymous log-in' if that is of any help (user still clearly needs to provide an email address at some point, thus possibly negating the convenience of logging in with FB?)

[dracos]

To me, the obvious things to do here would be:

• A/B test repeating email box in yes/no sections
• C/D test not showing yes/no sections until someone picks whether they do/do not have an account

And see which performs best.

[dracos]

Now running 4-way variant on those two things.

[TomSteinberg]

The next task here is to do a piece of user design away from the site itself, in which we try to construct and test a better user journey.

[wrightmartin]

We should look to popular sites with accounts, analyse the language and how they present the concepts, and see if we can establish a convention that would work here.

I'm guessing the likes of facebook, supermarket online shopping, amazon etc would be a good place to start.

[wrightmartin]

Just adding this here so we don't forget.

It's really creepy disconcerting that I make a report and FMS appears to create an account on my behalf without really making it clear that's what's going on. From my POV I gave my email to confirm the report, not to set up an account.

[zarino]

Worth also mentioning that there's a background process not included in the flow chart, which is that, if a "guest" report is confirmed by email, and that email address already belongs to a registered user, the report is attributed to that user (rather than, say, a new user with the same email address) and shows up in that user's "Your Reports" screen. This is exactly the same has what already happens.

[dracos]

Nice :) This is funny, as it's pretty much exactly the log in flow that I designed for PledgeBank back in 2004, and still going there. It would let you log in during any process (pledge creation, signing) and on signing in if you didn't have a password set give you the option of setting one on top of whatever you were doing. I believe people told me it was confusing and so I tried to simplify it when I did FixMyStreet. Perhaps I should have stuck to my guns ;-)

One thing is there's an extra step at one point, the flow if not logged in and you log in is currently: "Do you have an account" => YES => "Enter password" => (intermediate step here because we need to check your name and whether you want it public or not) => "Thanks for reporting". Not sure if there's anything that can be done about that.

[zarino]

Also worth mentioning, I’ve opened a new ticket for the related—but separate—issue of FixMyStreet not having a clear account management page (resulting in lots of “How do I change my password?” user support emails). #1034

[dracos]

Another thought which might have been a reason for the change PB -> FMS is that setting password after email confirmation makes it harder to show the sharing/goodies that have only recently been deployed, putting in extra steps on top of "You've confirmed your thing" etc. But again, perhaps something could be done cleverly.

[osfameron]

This diagram makes it look like choosing a password is a requirement to
create an account?

"Login by email" may not make sense to many non-geeks yet, but it's a great
feature -- https://medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
phrases it really well.

Do you have to set a password before getting access to some functionality?
Or is "Guest" just terminology for "a user who hasn't set a password?" but
otherwise we carry on as before?

[wrightmartin]

@osfameron

Do you have to set a password before getting access to some functionality?
Or is "Guest" just terminology for "a user who hasn't set a password?" but
otherwise we carry on as before?

Yeah, I think preserving the current functionality is the preferred option. We aren't trying to 'lock down' FMS, just make the account stuff a little easier to comprehend. What I do want to stop though is the unconventional behaviour that appears to log you in even though you're a guest and haven't actively created an account.

[Gemmamysoc]

Just a bit more user feedback:

"When I initially made a report of a fault, I got a response that I needed to verify my account, and to wait for an e-mail.. which never arrived..

After deleting the app, reinstalling on my iPhone.. I still couldn’t make a report out..

Therefore I submitted using the direct route (not logging into the app).. this accepted it..

However when I tried logging in on the app afterwards, it accepted my password..

I still haven’t received an e-mail to say my password was OK / Accepted..

So I’m just confused.."

[wrightmartin]

There's a textbook example of guest checkout, with a quick sign-up at the end on http://emerica.com/ Add something to the cart and proceed as far as you can without actually paying and you can see the most important parts.

[wrightmartin]

[dracos]

Change password, and your account added etc. Going to leave this open to improve sign in page to make it clearer if you think you need to create an account (comment here #1034 (comment) ).

[abibroom]

There was a "how do I create an account?" user email in today's mailbag.

[pezholio]

👍 to this. Despite having used FMS as a user, I got a bit confused when setting up admin accounts

[jonkri]

We have received a couple of requests from both municipality users and reporting users to simplify the account related form elements - both on /auth and when reporting a new problem. Of course, one of the pros of the current flow is that it makes it easier for the 70%-ish users that, like @davewhiteland mentioned, don't use passwords. Perhaps the current form could be made more dynamic (with JavaScript), to let the reporting user do things in a step-by-step fashion, as to not overwhelm users with both the Yes/No information and form controls?

[jonkri]

@dracos: Do you have any details to share about how the 4-way variant went? Was there any particular reasoning behind putting this in the icebox?

[dracos]

https://www.cuidomiciudad.do/ has login by Facebook on. Note in that case, JS hides the log in using email (whether that's account or email link) first behind a button before showing it all:

FB login is the same as logging in with email/password, just via an external authentication service. So it takes you to the same place (the form to confirm your name/show-name etc with "Successful logging in" message), apart from if it's Twitter (no email), or FB refused email permission, we add another extra step in order to get/confirm their email address. You don't need to see FB for the missing step; as was said at #642 (comment) it's the same for the log in with password flow.

---

My thoughts on #2208 are, I think, also good :) My thoughts here are as above:

• I'd definitely want measurements of how many people set up password (and presumably anything else related we'd want to measure), and running for some time, so we can see how it then changes after, because there's no point doing any of this if it makes it worse (as last time we looked at this area, changes made no difference at all) :)
• Might be worth repeating that if you ignore the post-confirm-password-setting (so still somehow allow that during report creation), everything asked for can, if I understand it right, be done in JS on top of the current form, which might be easier/preferable?

Plus new thing:

• With the current sketch, I agree with @crowbot that the "remember your details" page does not need password to be optional (it would do nothing at all in that case from what it already knows), and does not need "show my name" box (that will remain in the per-report flow).

[wrightmartin]

Based on our meeting about this yesterday I have updated the prototype

https://sketch.cloud/s/AngxR/all/report-prototype/report-details/play

[zarino]

What’s your thinking behind this input, at the bottom of the "About you" form?

Coming at it cold, I feel like I have no idea what this input is for. Am I meant to already know a password to put in here? Or am I meant to pick a new password? Why pick one? What’s it going to be used for?

Meanwhile, the "Sign in with a password" path includes some text that says, if I’ve forgotten my password, it’s going to "help me change my password afterwards"…

…but does it?

[dracos]

Those two things don't align up precisely with what was discussed - the forgotten password flow was going to not ask for password and then ask you for new one after confirmation. But I feel it could work if now it changed that Password field to say "Please provide a new password" with explanatory text. I think that's what was agreed anyway.
On the first point, I think there was also agreement on some text here (sort of similar to what's now under the email address field) to explain what the password input was for.
But please, other than that, let us not turn this thread into another N hundred comments and suggestions. It is a thing, it will be implemented, it can be iterated :)

[dracos]

Just as I said I'd look this up yesterday. For interest, in past month, new report flow on figures:

• 2,662 people logged in during problem creation;
• 5,114 reports by a new email address, 8,156 reports done by a logged in user, 5,943 by an email address known to the db but not logged in;
• (for website reports) 2,075 reports by inspectors, 6,363 reports by other logged-in users, 4,605 reports with confirmation emails sent, no password set, 3,649 reports with confirmation emails sent, password set.

Slight discrepancies in totals are small things e.g. staff user reporting as body/another user isn't included in second bullet point stats.