Accounts & Self-Service Flashcards

1
Q

Why is the “Account” drop-down a crucial navigational anchor for users?

A

Users immediately go to the “Account” drop-down when they’re trying to track an order, initiate a return, update a payment method, add an address, or perform some other account task.
It’s the first point of contact for many users attempting to access self-service features.

2
Q

What does testing reveal about what performs well for an “Account” drop-down?

A
  1. Testing revealed that it should be placed in the upper-right corner of the interface; contain features for order tracking, managing payment methods, and other crucial account-management features; and be structured to separate primary from secondary account features.
  2. The account drop-down can be further improved by personalizing it based on the user’s individual context, allowing users to sign in from the drop-down, and making it hover-activated.
3
Q

What is recommended in terms of the account drop-down placement?

A

Always place the account drop-down in the upper-right corner of the interface. Ensure it is highly visible by providing adequate white space around it and not crowding it with other nav elements, and consider including a link to a user’s account in the footer.

4
Q

Where do users expect to find the “Account” drop-down?

A

In the upper-right corner of the interface.

Baymard benchmark data reveals that 92% of sites place the “Account” drop-down there.

When it’s not placed there, users often become immediately stuck and are unsure where to look to find it.

5
Q

How does the “Account” drop-down do double duty?

A
  1. Offers users access to account features
  2. Also displays their signed-in state
6
Q

What do users do when they have trouble finding the “Account” drop-down, or the account feature they’re looking for?

A

They search the footer as a fallback.

7
Q

What are common user outcomes when they experience sign-in failures?

A

Account abandonment, customer support requests, and negative site perception.

8
Q

What is a “high severity, low frequency” sign-in issue?

A

Issues like account lockouts due to repeated incorrect login attempts or entering a wrong email during password reset.

9
Q

Why are “high severity, low frequency” sign-in issues critical in UX?

A

They can block users completely from accessing their accounts, often leading to abandonment.

10
Q

What’s an example of a user being at a UX dead end during sign-in?

A

Entering a wrong email during a password reset and never receiving the reset link.

11
Q

What is a “low severity, high frequency” sign-in issue?

A

Common issues like unexpected post-sign-in page redirects or users being unsure if they’re signed in.

12
Q

Why are “low severity, high frequency” sign-in issues problematic?

A

They cause ongoing friction and erode user trust and confidence in account navigation.

13
Q

What are some examples of “low severity, high frequency” sign-in UX issues?

A
  1. Unexpected page after sign-in
  2. Unclear sign-in status
  3. Sudden sign-outs
  4. Forced sign-in to access tracking from an email
14
Q

How do users typically perceive the sign-in process?

A

As a hurdle to overcome before engaging in more valuable tasks like tracking orders or making returns.

15
Q

What key sign-in areas should UX designers consider improving?

A

Failed sign-ins and lockouts

Password reset flow

Soft sign-in

Session timeout logic

Email-to-site sign-in transitions

Redirect destination post sign-in

16
Q

What does Low Severity, High Frequency mean?

A

These are minor issues that don’t completely block the user, but they happen often. Over time, they erode the user experience through repeated annoyance, confusion, or inefficiency.

Impact: Not usually a deal-breaker on their own, but the cumulative effect can frustrate users and decrease trust or satisfaction.

Sign-In UX Examples:
1. Users unsure if they’re actually signed in
2. Being unexpectedly redirected after signing in
3. Getting signed out too soon or without explanation
4. Being forced to sign in just to track a package

17
Q

What does High Severity, Low Frequency mean?

A

These are major issues that significantly hinder or completely block the user, but they don’t happen very often.

Impact:
When they do happen, the effect is severe - often causing task abandonment, customer service requests, or permanent loss of trust.

Sign-In UX Examples:
- Account lockout after multiple failed login attempts
- Entering the wrong email address during password reset and waiting for an email that never comes
- User unable to reset their password due to a broken or expired link

18
Q

What’s the difference between Low Severity, High Frequency and High Severity, Low Frequency?

A

Low Severity, High Frequency issues are minor irritations that happen often; they erode UX over time and add cognitive load.

High Severity, Low Frequency issues are major blockers that happen rarely and lead to task abandonment and major frustration.

19
Q

What is a common issue users face after signing in or resetting their password?

A

They are not returned to the page they expected, causing disorientation or difficulty refinding their original task.

20
Q

Why is it problematic if users are sent to an unexpected page after signing in?

A

It breaks the user’s mental model and disrupts task continuity, which can lead to confusion or abandonment.

It reduces friction, keeps users on task, and prevents abandonment due to navigation confusion.

21
Q

What is the recommended UX approach after a user signs in from a separate “Account” page? How does this improve the overall UX?

A

Redirect the user to the specific path they selected before signing in (e.g., checkout, order tracking, saved items).

22
Q

What should happen after a user signs in from a generic “Sign In” link (without a specific task in progress)?

A

Return them to the page they were on before initiating the sign-in process.

23
Q

What UX principle does this guidance support?

A

Contextual continuity – maintaining the user’s task flow and reducing cognitive overhead after authentication.

24
Q

What causes users to become disoriented after signing in?

A

Being redirected to a page they didn’t expect, or not being returned to the page they were on before signing in.

25
Q

Why is it problematic when users aren’t sent to the page they indicated they wanted to access after signing in?

A

It breaks task continuity and forces users to re-find their desired path, causing friction and frustration.

26
Q

What’s an example of a poor redirect experience after sign-in?

A

A user clicks “My Account” → gets sent to sign-in → then is redirected to the homepage instead of the account dashboard.

27
Q

What should happen after a user signs in from a task-specific intent (e.g., viewing order history)?

A

Redirect them to the specific feature or path they selected, not a generic destination like the homepage.

28
Q

What is the risk if users aren’t returned to the product page they were on before signing in?

A

They may abandon the task, especially if it took significant effort to reach that page (e.g., filters, search).

29
Q

Why do users abandon checkout if they’re redirected to the wrong page after signing in or resetting a password?

A

Because they may lose their progress, and re-doing a multi-step process feels like wasted effort.

30
Q

Why isn’t using the browser “Back” button a reliable fallback after sign-in?

A

It can trigger technical issues or not return the user to the desired state due to session changes.

31
Q

What workaround did some users attempt to re-find products after sign-in?

A

Adding items to their cart as a placeholder — but this behavior was rare and not intuitive for most users.

32
Q

What’s a better alternative to redirecting users to a separate sign-in page?

A

Allow in-context sign-in directly from the “Account” dropdown to reduce disruption and keep users on the current page.

33
Q

What are the two main redirect strategies after sign-in?

A
  1. If the user explicitly selected a destination (e.g., “My Orders”), send them there after sign-in.
  2. If the user just chose to “Sign In” from a general entry point, return them to the page they were already on.
34
Q

What’s a key reason to clearly communicate sign-in state on a site?

A

Users often think they’re signed in when they’re not, which leads to confusion when accessing account features.

35
Q

What’s a common reason users don’t receive a password reset email?

A

They entered an incorrect or non-existent email address for the account.

36
Q

What is the user’s typical reaction when a password reset email doesn’t arrive?

A

They assume it’s delayed, check spam folders, refresh their inbox, or wait — rather than realizing they mistyped their email.

37
Q

What can happen if users never receive their password reset email and don’t know why?

A

They may abandon trying to sign in or contact customer support, increasing support costs and hurting conversion rates.

38
Q

What abandonment rate was found during testing due to password reset issues?

A

An average 18.75% abandonment rate during checkout-related sign-in processes.

39
Q

What is the recommended UX solution when users input an unrecognized email during password reset?

A

Immediately inform users if no account exists for the entered email, so they can correct it.

40
Q

Why might some teams hesitate to inform users that an account doesn’t exist for an entered email?

A

Security concerns — revealing that an email doesn’t exist can allow malicious bots to scrape valid email addresses.

41
Q

How can UX teams balance security and usability in password reset flows?

A
  1. Limit error message visibility (e.g., 20 attempts per IP)
  2. Use CAPTCHAs sparingly
  3. Avoid account lockouts unless absolutely necessary
42
Q

What is a lower-friction alternative to address email-guessing security risks?

A

Require users to manually retype their email during password reset and disable browser autofill for the field.

43
Q

How does inline validation or adaptive error messaging improve password reset UX?

A

It immediately helps users correct mistakes like a non-existent email entry and keeps them on task.

44
Q

Why shouldn’t the password reset field be prefilled or auto-filled in sensitive flows?

A

It can allow invalid emails to pass unnoticed and increases the risk of users not catching mistakes.

45
Q

What core issue arises when users must sign in to view order tracking from a confirmation email?

A

It introduces unnecessary friction and credentialing issues that can lead to abandonment.

46
Q

What percentage of test participants were required to sign in to view basic tracking details?

A

36% were forced to sign in when clicking tracking links in confirmation emails.

47
Q

What is a key risk of requiring sign-in for tracking info access?

A

Up to 18% of users may abandon the process due to password or sign-in issues.

48
Q

What type of information do users typically want from an order tracking page?

A

Arrival date, shipping progress, and current order status — not sensitive personal details.

49
Q

What’s the UX recommendation for handling order tracking links in emails?

A

Allow users to view basic tracking info without signing in, using tokenized links.

50
Q

What is a tokenized link, and how does it help?

A

A secure, one-time-use URL with an embedded token that grants access to non-sensitive order tracking info without requiring sign-in.

51
Q

What should be omitted on non-signed-in tracking pages for privacy?

A

Full address, phone number, and other sensitive data — only show essentials like delivery status.

52
Q

How can you inform users that only partial tracking info is visible?

A

Use messages like “Sign in to view full details” or “Some shipment information omitted for privacy”.

53
Q

What UX principle does this solution support?

A

Minimize friction in high-intent flows and respect the user’s task urgency.

54
Q

Why is this approach more aligned with user expectations?

A

Users expect a seamless experience from email to tracking info without hurdles, similar to third-party courier experiences.

55
Q

What is “Soft Sign In”?

A

A feature allowing limited access to low-level account features without requiring users to fully sign in again.

56
Q

What is the main UX problem with “Soft Sign In”?

A

Users often don’t realize they aren’t fully signed in, leading to confusion when they’re asked to sign in to access certain features.

57
Q

What misleading UI element causes users to think they’re fully signed in?

A

Personalized greetings (e.g., “Hi, Sarah”) shown in the page header.

58
Q

What are common user behaviors when they discover they aren’t fully signed in?

A
  1. Feel disoriented
  2. Think they made a mistake
  3. Consider contacting support
  4. Lose confidence in site navigation
59
Q

Why does “Soft Sign In” fail for many users?

A

Because it violates mental models about sign-in states and lacks clear communication about what features are restricted.

60
Q

What are five key UX improvements to make “Soft Sign In” less confusing?

A
  1. Remove personalized greeting if user isn’t fully signed in
  2. Indicate available vs. restricted features in the Account dropdown
  3. Pre-fill email field on the sign-in page
  4. Avoid redirecting users to a separate sign-in page during multi-step flows
  5. Enable sign-in directly from the Account dropdown
61
Q

What UX damage can occur if users are redirected mid-checkout to an unrelated sign-in page?

A

Users lose track of their checkout flow, experience friction, and may abandon their purchase.

62
Q

When does “Soft Sign In” make more sense to implement?

A

When a site offers many frequently used, low-risk account features that benefit from quick access.

63
Q

What should the account dropdown menu communicate on sites using “Soft Sign In”?

A

Clearly show which features are available without full sign-in and which require it (e.g., through labels, grayed-out items, or notes like “Sign in for full access”).

64
Q

Should every site implement “Soft Sign In”?

A

No — it should be carefully evaluated based on the site’s feature complexity, user behavior, and whether it can be executed without harming clarity or flow.

65
Q

What common user behavior can lead to account lockouts?

A

Users often try multiple password combinations when they can’t remember their credentials.

66
Q

What is the main UX issue with account lockouts during login attempts?

A

Users get locked out before successfully signing in, often leading to frustration and purchase abandonment.

67
Q

How many failed sign-in attempts should be allowed before locking an account?

A

20–30 attempts to avoid blocking genuine users while still managing security concerns.

68
Q

Why is it important to allow guest checkout even if a user has an existing account?

A

It enables users to complete purchases without needing to remember or recover credentials, reducing cart abandonment.

69
Q

What happens if a returning customer is forced to log in and can’t remember their password?

A

They may get locked out or stuck in password recovery and are likely to abandon their purchase.

70
Q

What UX principle does allowing guest checkout support?

A

Frictionless completion — removing unnecessary obstacles in the purchase path.

71
Q

How can you design a guest checkout path that also supports account holders?

A

Allow guest checkout and optionally offer account recognition or creation after the transaction is complete.

72
Q

Why is “security-through-frustration” (like early lockouts) a poor UX practice?

A

It punishes legitimate users and doesn’t effectively prevent malicious access compared to smarter security strategies.

73
Q

What’s a better alternative to early lockouts for security?

A

Use progressive rate-limiting, IP monitoring, and email verification before applying strict lockout policies.

74
Q

Why are account lockouts considered high-risk in UX even though they’re rare?

A

Because they can completely block users from accessing their accounts or completing checkouts — often at critical moments.

75
Q

What behavior often leads to account lockouts in legitimate users?

A

Forgetting passwords and making multiple sign-in attempts, especially due to complex password rules.

76
Q

What is the recommended threshold for failed login attempts before locking an account?

A

20–30 failed attempts, to balance security and user needs.

77
Q

What should happen when a user is locked out after too many login attempts?

A
  1. Inform them of the lockout
  2. Allow password reset
  3. Auto-remove lockout after 24 hours
  4. Avoid locking them out of guest checkout
78
Q

Why can strict password rules lead to higher lockout rates?

A

Users can’t use familiar passwords and are more likely to forget them later.

79
Q

Should sites require login if a checkout email matches an existing account?

A

No — always allow guest checkout, even for existing accounts, to avoid unnecessary friction.

80
Q

What’s the abandonment rate observed due to password-related sign-in issues?

A

18.75% during checkout in usability testing.

81
Q

What is a safer intermediate security measure before locking an account?

A

Introduce a CAPTCHA after 15 attempts, though it should be implemented carefully to avoid frustrating users.

82
Q

What UX principle is violated when users are forced to sign in during checkout?

A

Progressive disclosure and task continuity — interrupting flow with credential walls creates high friction.

83
Q

What is the overall UX recommendation for handling forgotten passwords during checkout?

A
  1. Avoid lockouts before 20–30 attempts
  2. Always provide a password reset option
  3. Allow guest checkout, regardless of account status
84
Q

What is the core UX issue with requiring users to re-sign in during active sessions?

A

It causes frustration, confusion, and abandonment, especially if users believe they were already signed in.

85
Q

Under what conditions is re-authentication acceptable?

A

Only for security-sensitive actions (e.g., updating payment info), and even then, only when necessary.

86
Q

What’s a common user assumption that gets violated by forced re-sign-in?

A

That seeing their name or personalized content means they are already signed in and authenticated.

87
Q

What UX design patterns can reduce the frustration of re-sign-in flows?

A
  1. Pre-fill the email address
  2. Explain the reason for the additional authentication
  3. Keep users on the current page or flow after signing in again
88
Q

What’s the risk of requiring re-sign-in without context or explanation?

A

Users may assume there’s an error or site problem, potentially causing drop-offs or distrust.

89
Q

What is a best practice when a session times out for security reasons?

A

Clearly communicate that the session has expired and why re-authentication is required, without alarming the user.

90
Q

By what percentage does abandonment risk increase when users are forced to re-sign in unexpectedly?

A

While it varies, re-authentication in the middle of a flow contributes to double-digit abandonment rates in usability testing.

91
Q

What should never be reset during a forced sign-in?

A

The user’s progress in any multi-step flow, such as checkout or form completion — preserve state whenever possible.

92
Q

How can a re-sign-in screen be made more reassuring?

A

Add clear messaging like: “For your security, please re-enter your password to continue” and auto-fill the user’s email.

93
Q

What is the guiding UX principle behind minimizing re-sign-in friction?

A

Respect the user’s mental model and task continuity — authentication should never feel like a punishment or a surprise.

94
Q

What is a common user response to being signed out minutes after logging in?

A

Confusion, frustration, and reduced trust, often accompanied by a sense of being “out of control.”

95
Q

Why are unexpected sign-outs harmful to a site’s perception?

A

They make the site feel unstable or glitchy, leading users to question security and reliability.

96
Q

What UX impact do repeated sign-in prompts have during active sessions?

A

They increase abandonment risk, create friction, and erode user confidence.

97
Q

When is it appropriate to require users to re-authenticate?

A

For sensitive actions, like changing account credentials or accessing high-risk features.

98
Q

What should be done when a re-authentication is necessary?

A
  1. Pre-fill the email address
  2. Include a clear explanation (e.g., “Please re-enter your password for security”)
  3. Avoid redirecting the user away from their task flow
99
Q

What technical issues often lead to users being signed out unexpectedly?

A

Session mismanagement, aggressive timeouts, unstable authentication tokens, or faulty state handling.

100
Q

What are long-term risks of recurring technical bugs like random sign-outs?

A

Users may begin to doubt site security and hesitate to store payment or personal data on the platform.

101
Q

What back-end strategies help prevent unwanted sign-outs?

A
  1. Extend session timeouts reasonably (15–30 minutes of inactivity)
  2. Use session keep-alive mechanisms
  3. Avoid token mismatches or early expiration
102
Q

What should always be preserved if a sign-in is required again mid-flow?

A

User progress and input — especially during checkout or form-heavy interactions.

103
Q

What UX principle helps guide when to re-authenticate users?

A

Use risk-based authentication: increase security friction only when the action warrants it.