Security Question Best Practices

UX RANT – This month: Schwab

Steven Brykman | November 20, 2014 | Mobile Strategy

To herald the introduction of our new suite of UI/UX Strategy offerings, I bring you our first UX rant, a new blog feature that takes a critical look at the best of the worst in user interface and experience. But before I go ahead and tear Schwab a new UX-hole, let me begin by saying I was psyched to open an account with them and had heard great things about their products and customer service. And then I actually tried to begin the process of creating an account on their website and I knew immediately there was trouble afoot.

First off, you’re probably already well-aware that finance sites are notoriously bad—a result, I’m assuming, of their oppressive security requirements. Fidelity has been working hard recently to improve both their desktop and mobile experiences — and it shows. Schwab, however, seems to be stuck behind the curve.

Sucking from Minute 1 — The Login Experience

Granted, logging into anything is never a good time. So much so, that an upfront login requirement in a mobile app often turns potential users away. Schwab (and Fidelity) solve this problem nicely by allowing users to view Market News and Research data in their apps without logging in. However, while a login is obviously critical when it comes to a finance website or mobile app, it should never become a challenge for the user.

But logging into an account is obviously a different process than creating an account. The big difference being that with the latter, the user has to create a username and password. Now I’m all for security and password encryption, but for Pete’s sake, let me see the letters as I’m typing them!! Maybe it makes sense to instantly mask a user’s password when simply logging in. But in the account-creation process, the user has to be sure he knows what he typed for a password! Since there’s no visual confirmation whatsoever, the user winds up having to type their password very, very slowly in order to be sure not to screw it up. Hey Schwabbers, if you’re so worried users are creating accounts in cafés or on public computers where someone might be looking over their shoulder at their screen the split-second each letter is typed, you might as well also assume someone’s looking at their fingers! In which case you should send your clients some kind of laptop drapery/hood to wear over their head when creating an account. Sort of like the thing photographers used in the 19th century.

Secondly, don’t make users enter a password and a secret question in the same panel, particularly if you’re going to blank out the entire form whenever they make a mistake. Why would you do this? This is like taking a sledgehammer to a pushpin!

[Image: Login]

Your Paper-to-Web Conversion Stinks

Let me explain.

As I said, when I got the intro letter, I was totally jazzed to create an online account. The letter had my account number right there on the page, so how hard could it be? Really hard, apparently.

Why not include step-by-step instructions in the letter explaining how to go about creating an online account? Why no mention of the website at all? Would you rather your users didn’t manage their own accounts online? Links that did appear on subsequent print mail I received were either inaccurate (different than the actual online URL or link) or missing altogether. As in 404. Included in this list were inaccurately presented links to “Accountability” (creepy) and “Maintenance” (frightening).


But that’s not all. Schwab’s UI manages to offend cross-platform. Because when I went to the iPhone App and tried to log in, this popup appeared:

Assuming this was just an informational popup, I tapped the cancel button. WRONG! Tapping cancel here means cancel my login. Why would anyone ever want to cancel their login?? Think, Schwabbers, think!! You did the right thing by putting an obvious logout button in the upper-right corner. What’s the reason for the expedited bail-out? Are you trying to meet the needs of those users who suddenly experience some sort of mid-stream login emergency? Get me out of this app, now, my wife is about to have a baby!!!! Hint: remove the cancel button and replace with an OK button if user-acknowledgment is an issue (which it clearly isn’t currently since the popup dismisses itself after a couple seconds).

In summation, what finance (and like) companies should do is either:
a) ask new users to create a username in their initial application materials, or
b) assign new users a temporary username and include it in the first mailer

If b) seems like it might pose a security risk then just include a QR code in the mailer. You already include a QR code in your literature for downloading the Schwab app, now just take it one step further. Step one: user scans the QR code to download the app. Step two: user scans the second QR code from within the app. Upon scanning the second QR code, the app recognizes the scan is coming from the cell phone associated with the account and walks the user through the steps required to create an account, retrieving all relevant info (Social Security Number, Date of Birth, Account Numbers, Home Phone, etc.). This would create a much smoother account-creation experience for the user while providing opportunities to ‘welcome’ the user and to present additional information during the process.
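One way the second QR code described above could be checked on the server, as an added example that is not from the original post or from Schwab. It assumes a hypothetical opaque enrollment reference (`enr-7f3a`), an HMAC-signed, expiring, single-use token, and that the app has already verified which phone number the handset controls; all names and sample values are constructed.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)           # assumption: server-side signing key
PHONE_ON_FILE = {"enr-7f3a": "+15555550100"}   # constructed record: opaque ref -> phone
_redeemed = set()                              # stands in for a durable single-use store

def _sign(body: str) -> str:
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(ref: str, ttl_s: int = 14 * 86400, now=None) -> str:
    """String encoded in the mailer's second QR code. It carries only an
    opaque reference, an expiry and a nonce: no SSN, DOB or account number."""
    now = int(time.time()) if now is None else now
    claims = {"ref": ref, "exp": now + ttl_s, "nonce": secrets.token_hex(16)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)

def redeem_token(token: str, verified_phone: str, now=None):
    """Return (verdict, ref). verified_phone is the number the app has already
    proven the handset controls (assumed to happen before this call)."""
    now = int(time.time()) if now is None else now
    body, sep, tag = token.partition(".")
    if not sep:
        return "malformed", None
    # Check the MAC before parsing anything the scanner supplied.
    if not hmac.compare_digest(tag.encode(), _sign(body).encode()):
        return "bad-signature", None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return "expired", None
    if claims["nonce"] in _redeemed:
        return "replayed", None
    on_file = PHONE_ON_FILE.get(claims["ref"], "")
    if not hmac.compare_digest(on_file.encode(), verified_phone.encode()):
        return "phone-mismatch", None
    _redeemed.add(claims["nonce"])             # burn the code only on success
    return "ok", claims["ref"]
```

Because the printed code holds only a signed reference, a mailer that is intercepted or photographed exposes no personal data, and the code cannot start enrollment from a phone other than the one on file.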

Now let’s take a quick look at the actual desktop interface.

[Image: Criteria]

“Select Criteria”??? But I don’t see “Criteria”!!!
Why do they all have zeroes next to them?? What the hell am I supposed to do?

[Image: Criteria dropdown]

This dropdown isn’t helping the situation any, either.
Rule #1: Don’t provide a button for a dropdown if the button doesn’t have a menu to drop down.

[Image: What to click]

Little quiz for you: What do you think the user is supposed to click here? Click the Circle-X?
Because everywhere else in the internet universe that means CLOSE WINDOW. (post your answers below)

Good people of Schwab, you are officially on notice. We strongly suggest you hire Propelics ASAP to help you clean up your act.

Steven Brykman

Steven is a Digital Strategist and UX Architect focusing on Mobile Products with a diverse background in writing and literature. He spent much of the last decade as Creative Technologist/Lead Strategist of his own design company, helping Fortune 500 companies define the direction of their digital campaigns, websites and mobile applications. Additionally, he co-founded Apperian, a Boston-based mobile technology startup.
