Research Outline

Best Authenticated Experiences

Goals

To determine the best experiences and key features for authenticated (post-login) online experiences, as determined by experts, reports, and blogs.

Early Findings

A source on authentication best practices noted that after online login, users prefer to have an option to stay logged into their account, rather than having to log in every time.

If login is saved, a Remember Me option can be combined with other security options, such as only needing to log in from alternative devices, or fingerprint recognition for mobile sites and apps.
Post-authentication experiences should also give users a clear, easy way to log out of their account, such as a highly visible icon or button.

One option for an improved authentication experience for financial institutions is the use of CIBA (Client-Initiated Backchannel Authentication), which specifically allows users to log in to their bank via another website to make a purchase.
Similarly, it’s noted that with banking and highly secure logins, the fewer additional steps after entering initial login information, the better.

Session expiry should also be made clear, specifically if the login session is short: users should be aware that they have a limited amount of time before they will be automatically logged out.

It is also noted that session length should be intentional, and based on the type of action or use of the site or app, as well as the need for security.
UX best practices suggest that, to facilitate a smooth experience for users, delivering value and clarity of action as soon as possible after login is key. For example, the post-authentication screen should direct to the action the client is logging in to perform.
Forbes also notes that the authentication process itself is transforming, with traditional username-password combinations being replaced by other login methods, such as biometrics, geolocation identification, and passwordless login with a recognized device such as a cell phone.

Post-authentication experiences are also being customized based on user data, so online experiences are based on that user’s likes, dislikes, analytics, basic personal information, etc.