-
-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
redesign the password/account handling on FMS "login" #642
Comments
Just my perception, but there seems to have been a recent uptick (post-Heartbleed I presume) in 'how do I change my password?' support. Feedback from a commercial client:
So how do you change your password? Our standard advice is currently:
Gosh, it sure does beat me how the users don't manage to figure that one out. User accounts and passwords should be manageable in the way people expect them to be. |
You can just go to /auth/change_password when logged in. I don't know why that page isn't linked to from the Your reports page, for example, but that would presumably help somewhat... |
The Your reports page now has a link to the change password page. I'm not saying I've fixed anything, but the standard advice can now be - go to "Your Reports", sign in if necessary (either by using your existing password if you know it, or by email if you do not) and click the Change password link. |
Just adding a note here that if/when the log-in process does get scrutinised, we discussed offering a Facebook log-in. A few more thoughts on this google doc, including a link to 'anonymous log-in' if that is of any help (user still clearly needs to provide an email address at some point, thus possibly negating the convenience of logging in with FB?) |
To me, the obvious things to do here would be:
And see which performs best. |
Now running 4-way variant on those two things. |
The next task here is to do a piece of user design away from the site itself, in which we try to construct and test a better user journey. |
We should look to popular sites with accounts, analyse the language and how they present the concepts, and see if we can establish a convention that would work here. I'm guessing the likes of facebook, supermarket online shopping, amazon etc would be a good place to start. |
Just adding this here so we don't forget. It's really |
Worth also mentioning that there's a background process not included in the flow chart, which is that, if a "guest" report is confirmed by email, and that email address already belongs to a registered user, the report is attributed to that user (rather than, say, a new user with the same email address) and shows up in that user's "Your Reports" screen. This is exactly the same has what already happens. |
Nice :) This is funny, as it's pretty much exactly the log in flow that I designed for PledgeBank back in 2004, and still going there. It would let you log in during any process (pledge creation, signing) and on signing in if you didn't have a password set give you the option of setting one on top of whatever you were doing. I believe people told me it was confusing and so I tried to simplify it when I did FixMyStreet. Perhaps I should have stuck to my guns ;-) One thing is there's an extra step at one point, the flow if not logged in and you log in is currently: "Do you have an account" => YES => "Enter password" => (intermediate step here because we need to check your name and whether you want it public or not) => "Thanks for reporting". Not sure if there's anything that can be done about that. |
Also worth mentioning, I’ve opened a new ticket for the related—but separate—issue of FixMyStreet not having a clear account management page (resulting in lots of “How do I change my password?” user support emails). #1034 |
Another thought which might have been a reason for the change PB -> FMS is that setting password after email confirmation makes it harder to show the sharing/goodies that have only recently been deployed, putting in extra steps on top of "You've confirmed your thing" etc. But again, perhaps something could be done cleverly. |
This diagram makes it look like choosing a password is a requirement to "Login by email" may not make sense to many non-geeks yet, but it's a great Do you have to set a password before getting access to some functionality? |
Yeah, I think preserving the current functionality is the preferred option. We aren't trying to 'lock down' FMS, just make the account stuff a little easier to comprehend. What I do want to stop though is the unconventional behaviour that appears to log you in even though you're a guest and haven't actively created an account. |
Just a bit more user feedback: "When I initially made a report of a fault, I got a response that I needed to verify my account, and to wait for an e-mail.. which never arrived.. After deleting the app, reinstalling on my iPhone.. I still couldn’t make a report out.. Therefore I submitted using the direct route (not logging into the app).. this accepted it.. However when I tried logging in on the app afterwards, it accepted my password.. I still haven’t received an e-mail to say my password was OK / Accepted.. So I’m just confused.." |
There's a textbook example of guest checkout, with a quick sign-up at the end on http://emerica.com/ Add something to the cart and proceed as far as you can without actually paying and you can see the most important parts. |
Change password, and your account added etc. Going to leave this open to improve sign in page to make it clearer if you think you need to create an account (comment here #1034 (comment) ). |
There was a "how do I create an account?" user email in today's mailbag. |
👍 to this. Despite having used FMS as a user, I got a bit confused when setting up admin accounts |
We have received a couple of requests from both municipality users and reporting users to simplify the account related form elements - both on /auth and when reporting a new problem. Of course, one of the pros of the current flow is that it makes it easier for the 70%-ish users that, like @davewhiteland mentioned, don't use passwords. Perhaps the current form could be made more dynamic (with JavaScript), to let the reporting user do things in a step-by-step fashion, as to not overwhelm users with both the Yes/No information and form controls? |
@dracos: Do you have any details to share about how the 4-way variant went? Was there any particular reasoning behind putting this in the icebox? |
https://www.cuidomiciudad.do/ has login by Facebook on. Note in that case, JS hides the log in using email (whether that's account or email link) first behind a button before showing it all: FB login is the same as logging in with email/password, just via an external authentication service. So it takes you to the same place (the form to confirm your name/show-name etc with "Successful logging in" message), apart from if it's Twitter (no email), or FB refused email permission, we add another extra step in order to get/confirm their email address. You don't need to see FB for the missing step; as was said at #642 (comment) it's the same for the log in with password flow. My thoughts on #2208 are, I think, also good :) My thoughts here are as above:
Plus new thing:
|
Based on our meeting about this yesterday I have updated the prototype https://sketch.cloud/s/AngxR/all/report-prototype/report-details/play |
What’s your thinking behind this input, at the bottom of the "About you" form? Coming at it cold, I feel like I have no idea what this input is for. Am I meant to already know a password to put in here? Or am I meant to pick a new password? Why pick one? What’s it going to be used for? Meanwhile, the "Sign in with a password" path includes some text that says, if I’ve forgotten my password, it’s going to "help me change my password afterwards"… …but does it? |
Those two things don't align up precisely with what was discussed - the forgotten password flow was going to not ask for password and then ask you for new one after confirmation. But I feel it could work if now it changed that Password field to say "Please provide a new password" with explanatory text. I think that's what was agreed anyway. |
Just as I said I'd look this up yesterday. For interest, in past month, new report flow on figures:
Slight discrepancies in totals are small things e.g. staff user reporting as body/another user isn't included in second bullet point stats. |
We know from our user testing (and another report yesterday) that this is confusing people, and has been for a long time.
I think it needs revisiting from a UX POV, not just rewording, and I am surprised to find there is no ticket for it. So now there is.
Most users (my quick analysis of the stats last year was 70% on the UK FMS) do not use the password; FMS deliberately does not present itself as an account-driven site. But we need to address this for the 30% (including "staff accounts") that do.
The text was updated successfully, but these errors were encountered: