The Vexing User Access Problem

I am the default technology support guy for my family. This honor falls to me because I am “in computers.” I don’t always enjoy troubleshooting sites, apps, or software for loved ones, but as a UX professional I’m pretty good at it. My job revolves around understanding and easing the pain of using digital interfaces.

The biggest pain for my family is logging in (and staying logged in). 99.99% of the time, I am helping someone retrieve a password, get back into a favorite tool, or even recognize they have inadvertently logged out of something in the first place.

This difficulty is not exclusive to my family. Nearly everyone experiences log-in headaches. User tests prove this. People struggle less with complex interactions and far more with supposedly simple tasks like log-in or password recovery. These issues dominate call center reports on the most common pleas for help.

Product development teams feel the strain as well. When defining sophisticated systems supporting thousands of users, the topics that monopolize requirements conversations are log-in, authentication, and security. It’s all about access.

Why is digital product access such an issue?

How can something so common and essential be so rip-roaring difficult? I’m glad you asked. 

Access exists at the nexus of security and usability.

If we want our digital tools to be secure, we must make access difficult. We need hurdles and barriers to keep bad actors out. Yet if we want pain-free digital tools, we must make access exceedingly easy and effortless. 

It’s a classic catch-22. Making something more secure makes it less easy to access. Making something easier to access usually entails security compromise. Robust security is utterly essential. However, we can’t accept user failure and frustration as both inevitable and normal.

Digital tools and passwords are out of control.

Today, we are inundated with apps and software, nearly all of which require a username and password. The average American has something like one zillion digital accounts. Tools and passwords have proliferated beyond our ability to keep track.

Humans have notoriously faulty memory.

We inevitably forget passwords. We guard against this by writing them down and promptly losing what we’ve written. We then turn to fancy password tools to manage our endless credentials, only to lose our master password and/or the 80-character unique alphanumerical key.

Many people throw their hands in the air, and—security trigger warning—consolidate to a few simple, easily recalled passwords for everything. Yikes. 

Log-in frustrates and flummoxes people.

Novice users often find the log-in barrier insurmountable without help (for example, from their son who is “in computers”). They barely tread water with basic access concepts. Consider mistyped passwords, an inordinately common mistake made especially understandable when password characters are routinely replaced by a string of identical dots. “Just click the eyeball icon and you’ll see what you’re typing,” you say. Good luck explaining that to my mother. 

Even so-called power users have difficulty with log-in. But their problems tend to occur because they are in a hurry, never read, and pay little attention to your interface minutia. Again, good luck.

Credentials recovery is brutal.

Most of us would rather live an eternity of middle school gym class than recover a lost password or username. It’s a clunky, byzantine process. That’s when things go well.

One often begins in a mysterious fog. Why I am locked out of my Dunkin’ Donuts app?  Is there some reason I can’t get into the intranet? I need to change my password or recover my username. This means I am now in a productivity-killing zone. I may eventually recover my credentials, but I’ll never recover the time I’m about to waste. If I progress far enough, at least I will get the satisfaction of declaring that I am, in fact, not a robot. Well, at least if I can pass the “spot the palm trees” quiz.

Password annoyances are legion, even when those annoyances protect your interests. Microsoft seems particularly zealous about two-factor authentication, required for every instance (web, phone, desktop app) of their essential toolset upon password reset. Changing your password is naturally required regularly (yet communicated poorly). Of course, you can manage this complexity with a separate app—which requires separate credentials and two-factor authentication.

Development-centered teams don’t focus on the access experience.

Unfortunately, digital product teams don’t spend as much time on sign-up, log-in, or password recovery as they should. These are often viewed as perfunctory problems that have already been solved. Out-of-the-box solutions exist. Dev teams tend to prefer moving on to the more interesting, complex challenges of core product functionality. Those pesky log-in and password issues can be addressed through onboarding, training, or help. 

Help is usually not helpful.

Getting users in (or back in) to an app or service requires a huge amount of communication and direction. Random tooltips and instructions abound (and are largely ignored). Email or text verification messages feel like they’ve been written by computer scientists. Chat takes things to the next level. You literally converse with bots.

At least you have a chance at reaching a human by calling the support line. Of course, you’ll need to navigate the automated attendant. You’ll do this for the distinct privilege of waiting interminably to talk to a real person.

And what do you do about access problems at work when you’re in a big company? Initiate that support ticket. Again, wait.

Access technology and security are evolving slowly.

Granting secure access to digital products is no easy feat. It’s technically demanding and fraught with potential technical and behavioral issues. 

Organizations all over the world are working on the problem, trying to improve both security and ease of access. It’s a monumental task. That’s why progress has been more incremental than revolutionary. Touch and facial recognition technology have improved the mobile experience, but these solutions are imperfect and raise new security issues of their own. Progress is happening, just at a glacial pace.

What can we do?

We shouldn’t accept the status quo. But until major advances in digital security come down the pike, we must deal with inevitable access constraints and the problems they create. Our job is to reduce the user experience pain imposed by these constraints.

Digital product teams can do this. They can indeed make sign-up, log-in, and password recovery processes easier for people. And that’s exactly what we’ll tackle next.

Next article in this series: 
Tackling the Maddening Problem of Digital Product Access