Password Reset Portal

The Self-Service Password Reset Portal was implemented to reduce calls to the Service Desk by providing employees a way to unlock their accounts and reset their passwords.


Problem

Employees accidentally lock their account or forget to reset their passwords before expiry.

Then, they can’t login. They can’t work.

To get back to work, the employee would call the Service Desk for support, which took an average of 4 minutes to resolve.

Before this project, the Nordstrom Service Desk received over 4,000 calls per month to reset employees’ primary passwords. Each call cost the company nine dollars.


Research

A vendor was selected to provide self-service password resets. After the selection, the UX team was asked to review the application for usability.

We performed a heuristic evaluation of the employee portal and the service desk portal. The heuristic evaluation revealed styling issues that our engineers could resolve as well as others that required vendor action.

Below is an example of a change requiring the vendor:

pw_reset_masked_answer
Franken-answers: After entering a security question answer, if the user had re-entered the field, he/she could edit the answer while masked. This would create a franken-answer, which would likely be unknown to the user. We did competitive analysis to show the vendor that the application’s behavior was untraditional. As a result, the vendor put in a fix prior to our release. (As a side note, the vendor’s application was already in production for many large companies such as Kellogg’s and Starbucks)

See the complete heuristic evaluation results.

Next, we mapped out each of the user flows within the end user portal and the service desk portal to provide clarity into the system process. This revealed that the application reused screens, so in some instances the instruction text would need to be generalized.

Below is a view of the user flow.

See the Service Desk flow.

pw_reset-user-flow-sd
End User Process Flow: The blue, pink, and green screens are used during the enrollment and security questions flows. This meant we couldn’t say the user was successfully enrolled on the final screen because the user would see the same screen if he/she changed his/her security questions post enrollment.

Design

Mapping the user flow made it easier to understand the copy changes that were needed.

See more copy changes.

To visualize the changes and test the new user flow, we created Axure prototypes for both portals.

Here’s a view of the end user Axure prototype. You’ll see the user receive an error specific message on the create password page for attempting to create a password that is too short. This is unlike the out of the box experience where the user would be taken to another page and then find out his/her answer failed to meet the conditions.

After creating the Axure prototypes we were able to get user feedback to ensure the deployment would be successful.


Solution

In addition to providing this service to FTEs, the portal provided contractors a way to reset his/her password or unlock his/her account. Many contractors follow the sun. Prior to this tool an unlock or password reset required the contractor to call an FTE, who was most likely sleeping. Then, the employee would conference call the service desk with the contractor, and provide the service desk a SSN, which was needed for the reset or unlock. (Yes, a simpler resolution for contractor would have been to change the standard; however, that was akin to boiling an ocean)


Results

Since release 11/10/2015 through 9/1/2016 the application has:

reset 24,222 forgotten passwords
unlocked 28,435 accounts.