HPiD

HPiD is a company-wide authentication system that provides users with a unified sign-in and account creation experience across all HP products, services, and platforms. Designed for convenience and security, HPiD ensures users can seamlessly access the HP ecosystem with a single set of credentials.

Goals

  • Seamless Account Creation - Quick and intuitive with email address, mobile number, or federated logins.
  • Multi-Platform Access - Works across web, mobile, and HP devices, ensuring a consistent experience.
  • Enhanced Security - Supports multi-factor authentication (MFA) and passwordless sign-in for added protection.

Impact

  • Resdesign - 12% reduction in abadoned account creations
  • Resdesign - 15% increase in successful sign ins
  • OTP Integration - 18% reduction in Forgot passsword link usage
  • OTP Integration - 14% reduction in Invalid credentials error

The Challenge

I was brought in to the project to update the existing HPiD and create a faster, more intuitive experience. THe existing experience had a high drop off rate, causing users to abandon accont creation/sign-in and not fulfilling their task. This caused frustration in managing printer and ink subscriptions, and was particularly problematic for the HP store, where users would not complete a purchase. Additionally, the UI for HPiD had not been updated to match the current brand standards for HP, creating a confusion for users navigating in and seeing a differnt look and feel. For the redesign, I successfully advocated for the implementation of HP Veneer, a design system that empowers designers and developers to create unified digital products and services.

The initial HPiD create/sign-in experience.




Initial Testing

Using analtics data to assess assumptions of what customer pain points were, we developed multiple iterations of potential design solutions. These options were fleshed out into prototpyes of the complete Create experience for each. These prototypes were user tested along with a prototype of the existing experience understand intuitiveness, ease of use, and all around "best" experience, as well as to get feedback about what was not working about the existing experience. This feedback was used to choose a path forward for the redesign. Each prototype featured a particular difference based on a perceived pain point: the first divided the required information in to two screens to reduce cognitive load, the second removed the requirement of the mobile number to reduce the number of inputs, and the third compressed the inputs to reduce user scrolling.


New HPiD experience options for testing as well as the current design.




Findings

Users first navigated through the existing HPiD experience and asked for their impressions. The majority agreed there were too many form fields and too many password requirements. Most users struggled to find the option to sign in with an existing account and had confusion as to whether they could make an account without a mobile number, reluctant to include their number and risk corporate texts or having their information sold.

The feedback from users directed us to our next steps. Users preferred having fewer fields to fill out when creating an account because it allowed them to get through the flow faster. They felt including their name was unnecesary, but liked that their email address (or mobile number) would serve as their username so they would not have to remember additioanl information to sign in.

First iteration

Redesigned Create Account (top) and Sign in (bottom) flows.

The first iteration solved many of the problems voiced by the user testers. First, the toggle between "Sign in" and "Create account" was moved to the top so users would not have to scan the page to find their preferred path. Second, the number of fields for the initial Create flow were reduced as much as possible: Mobile phone number and Region were moved to a third page, and the inputs are optional. Region was also autoselected with the user's metadata to reduce the fields the user had to fill out. Finally, the Verify flow was reworked to deprecate the visibility of the verification code input to encourage users to use the button on the email, which is a quicker and more seamless experience. While the Name fields were felt to be unnecessary by users, the Support stakeholders were not swayed by the data and insisted they remain. Due to technical limitations, we were also unable to implemented a single Email address/Mobile number field for the Sign in experience; instead, we added a toggle link in the context of the field so the user would see the ability to change the input. To address the multiplatform issue, the experience was designed on a card that would stay the same size regardless of format. This would keep the experience consitent on web, tablet, mobile devices, and as multiple partners integrate the experience into their applications (which can appear in the app window or within a webview). The background image on desktop and tablet could be customized based on the partner's preferences.

Once this design was implemented, the number of abandond account creations fell by 12% and the number of successful sign ins increased by 15%.

Additional Screens

Examples of the Create screen error states

With the redesign of HPiD, every error message, corner case, and alternative flow had to be looked at and designed. We also took this opportunity to update messaging and flows to industry standards. Many of the messages went through quick A/B testing to ensure we had the clearest and most concise wording so users could quickly understand what was happening and make choices accordingly.

Global view

Create flow, alternative screens, error messaging, and Federated experience

Sign in flows (email address and mobile device), alternative screens, error messaging, and multi-factor authentication

New Technologies

The next step for HPiD was to incorporate new technologies into the experience. We researched mutiple options and decided on One-Time Passcode (OTP) as a first option, with the end goal to integrate Passkeys. I attended the FIDO Alliance Authenticate 2024 conference to speak with designers from other companies and learn about their implementations of new sign in experiences. Back at HP I worked with a UX strategist to develop a plan for multiple user testing sessions that would increment us to the new design, testing flow, different designs, and variations on wording.

For the MVP release of OTP, we added an additional option to the Sign in screen and used added Optimizely to offer two different messages to users to gather data about users' understanding of the phrases. Our concern was if users were unfamiliar with OTP technology they would not use the option, which offers a more easy and efficient experience. The A/b testing was enabled for a month, where 50% of users received "Use one-time passcode" and the other 50% received "Send sign-in code". We received data that guided us to use "Send sign-in code", as users were overall more successful at completing Sign in and Account Recovery flows with the more user-friendly wording.

Users that choose OTP process for Sign in: 33%
Forgot passsword link usage dropped ~18.36% after OTP enabled
Invalid credentials error dropped ~ 13.89 % after OTP enabled
OTP Sign ins
• "Send sign-in code": 53%
• "Use one-time passcode": 47%


The main test aimed to understand what the most optimal integration of the OTP experience within the Create experience would be. I developed two flow options: one that was more of a "Balanced" redesign of the existing flow, and one that was a more aggressive simplification of the options in the flow. I created two live end-to-end prototypes that were shown to 28 users, half seeing "Balanced" first and the other half seeing "Aggressive" first. These tests were moderated walk throughs so we could see and hear the users' feedback and pain points as they went through the flows.

Results

Based on the user testing there was a preference for the "Aggressive" flow, mainly because of the perceived simplicity. Users appreciated not having to input information such as first and last name when it was not currently relevant, they noticed the mobile toggle more frequently, and liked having the choice to not use a password for a quicker experience. There were also areas to be improved. Users sometimes struggled to find the mobile sign in option or were confused as to whether they needed to add the mobile number in addtion to the email address, and stakeholders from HP Support were not aligned with removing the name fields. I used to the collected data to recommend creating a "hybrid" design of the "Aggressive" and "Balanced" flows, pulling the best features from each option to create a final version.

The entire Sign in / Create flows with OTP

OTP Design

The release in the OTP design combined the positive aspects of the "Balanced" and "Aggressive" flows while addressing the issues voiced by users in testing. Instead of a toggle between sign in and create account, a single Welcome screen asks for the user's identifying credential (email address or username). WHen the user selects Next a call is made to the backend to learn if the account exists or not. If the account exists, the user is taken to the Sign in screen. If not, the user is taken to the Create flow. The toggle between email address and mobile number was pulled into a button as an option instead of continuing with the current credential type to be more noticible and separate from the input above.

Once we have identified the user as either existing or new account, we can present them with the option to use their conventional password or to use the OTP. For the Create flow, we were able to remove the verify account step unless it is necessary for the application they are signing in to, mainly the HP store. The verification step was a large pain point as users did not see the purpose and removed the step in the process where the largest number of users abandoned account creation. Additional parts of the flow include MFA sign in, account verification flows where necessary, and all associated error states.

OTP basic Create flow

OTP basic Sign in flow

Next Step - Passkey Integration

​ Over 80% of security breaches involve usernames/passwords​, and account recovery is tedious for users and costly for companies​. Account recovery is 50% of call center volume, costing companies an average of $70 a call (or $1.5 million a year per 5,000 users). Additionally, two-thirds of users are overwhelmed with digital identiy management, with over 30% of users having weak passwords for many of their online accounts. The state of the digital identiy management ecosystem has led me to advocate for HPiD to integrate a passkey experience. A passkey is a digital credential that allows users to sign in to a website or app without a password.The application creates a cryptographic key pair: a private key stored in secure wallet on user's device​ and a public key stored with application server​. Passkeys are simple to integrate as an option into the existing flow, and lead to higher user success rates, lower numbers of support calls and account recoveries, and a reduction in sign in time. My task has been to create a compelling case to convince stakeholders and partners to invest in passkeys to vastly improve HPiD user experience.



Mock Passkey integration flow

Passkey integration screen