How I increased customer satisfaction by 65%
By introducing a frictionless login experience for Aetna health insurance clients available on desktop and native.
Duration
3 months
Role
Sr. Product Designer
Platform
Desktop, mWeb
THE PROBLEM
Aetna healthcare members could not log into the member portal without a password, forcing them through a series of predetermined reset options that many have found inconvenient and unhelpful.
THE SOLUTION
Introduced a frictionless login experience for Aetna health insurance clients available on desktop and native.
DISCOVERY
Passwordless flows are becoming the industry standard but some are better than others.
Comparing passwordless flows (pros and cons)
Competitive Analysis
With 15 companies analyzed, with 5 market competitors, I learned the following:
E-commerce products allowed sign-in validation with social media
Healthcare and banking did not validate sign-ins through a third party (Twitter, Google, Apple, etc.)
There was no standard number of steps required to validate a login
Examples of passwordless login experiences
Working closely with our research team, I audited our existing platform and performed a competitive analysis of successful Passwordless flows across a variety of industries.
KEY INSIGHTS
1) Trust is a major factor that determines the success of a passwordless flow
Passwordless flows require a lot of personal information, from heavy-duty biometrics like fingerprint and Face ID
The success of a flow depends largely on a user's trust in a company and the industry that the company operates under.
2) Users expect extra validation steps for enhanced security
Users are not deterred from proceeding due to these extra steps
Users are willing to provide sensitive data like their social security number when they trust the company
Users could be deterred from downloading a third-party authenticator app
3) One-Time-Passcode (OTP) is the most common (and trusted) method of identification
44% of Americans find OTP secure, compared to Mobile Network’s 25% and third-party Authentication Apps’ 29%
This method has come to be expected by users.
IDEATION
How might we design an easy and secure way for users to log in without a password?
In presenting the audit to our stakeholders, a couple of things became very clear:
Security questions or KBA (Knowledge Based Authentication) was not a viable direction as the company was already making efforts to move to more secure methods
Third-party authentication such as an authenticator app or mobile network verification would require too much of our users to authenticate
One-Time Passcode (OTP) was standard and even expected for our competitors.
We moved forward with the one-time passcode with one added caveat. In our database, a member's username AND Date of Birth are required to validate their profile. Since the expected OTP path only requires one point of validation (username), we worked hard to make sure this extra form field did not feel out of place or unneeded.
Exploration 1
Prompt the user to input their username and date of birth
If validated, send the user a one-time passcode.
Exploration 2
Require a user's username and date of birth upfront before progressing
If validated, give the user the option of inputting a passcode or receiving a one-time passcode
Exploration 3
Add a "Login with a Code" option to the existing homescreen.
Allow the user to either log in with a code or validate their date of birth.
Although this method seems very similar to option one, the wording of the button confused users when tested.
We decided to go with flow #1, to add a new "Login without a Password" button to the existing screen
After reviewing user feedback with the Product team, we decided that most members would still expect and prefer the existing username and password experience and that our added flow should not disrupt the current experience.
This simple addition helped accomplish a variety of our objectives:
Traditional usernames and passwords would still be the default
The "Forgot Password" flow would remain intact without any changes
The "Passwordless" experience would be given its own dedicated flow without disrupting the existing model that members had come to expect
FINAL DESIGN
Introducing Aetna's Passwordless Authentication
The "Passwordless" authentication on Aetna members’ login portal now allows members to access their accounts using only their username and date of birth.
An alternative to the "Forgot Password" flow
We didn't want to disrupt our current login experience so the new "Passwordless" flow now exists in conjunction with our current login experience. This means it is also different than our "Forgot Password" flow which remains on the screen.
Allowing users the versatility to log in with or without a password as well as reset it ensures that we cover every use case and that users spend less time struggling with login and more time managing their account.
Validation Help
In assessing our competitors and combing through existing feedback, we realized that a certain helper is expected with One-Time Passcodes.
Users not only preferred but actually even expected certain validation helpers like a code expiration countdown and a "where to look" section for email.
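The chosen flow (validate username and date of birth, then send a one-time passcode that expires) sketched server-side, as an added example that is not Aetna's code or part of the original case study. The member record, the 5-minute lifetime, the attempt limit, the identical response for unmatched members, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import date

OTP_TTL_SECONDS = 300  # assumed lifetime; this is what the countdown displays
MAX_ATTEMPTS = 5       # assumed cap on wrong guesses per issued code
MEMBERS = {"jdoe": date(1980, 4, 12)}  # constructed sample member record
_pending = {}  # username -> {"digest", "expires", "attempts"}


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def request_code(username, dob, now, deliver):
    """Validate username + date of birth; on a match, send a 6-digit code."""
    expected = MEMBERS.get(username)
    if expected is not None and expected == dob:
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        _pending[username] = {"digest": _digest(code),  # never store the code
                              "expires": now + OTP_TTL_SECONDS, "attempts": 0}
        deliver(username, code)  # email or SMS channel already on file
    # Same return value on match and mismatch: the form does not reveal
    # which username/date-of-birth pairs exist.
    return OTP_TTL_SECONDS


def verify_code(username, code, now):
    """Accept a code once, before expiry, within the attempt limit."""
    entry = _pending.get(username)
    if entry is None:
        return False
    if now >= entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # expired or exhausted: member must request anew
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(code)):
        del _pending[username]  # single use
        return True
    return False
```

Because a date of birth is not a secret, the security of this flow rests on the passcode step: its randomness, short lifetime, single use and attempt limit.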
USER TESTING
All participants preferred the new passwordless experience.
In December 2022 we tested our experience with 38 users with active health insurance plans across a variety of ages and experiences. Our demographic breakdown was as follows:
38 participants with active plans
26 commercial-age participants
12 Medicare-age participants
Although 33% of our participants hadn't encountered a passwordless experience before, all understood the experience with most saying that they would use it.
Users had no issues providing date of birth: All participants expected to have to enter some sort of personal identifying information and preferred date of birth over their social security number.
All users expected a One-Time Passcode: All participants said that they would look at their phone or email to get the code and enter it in with no questions on where to look or how to access their information.
Overall, the experience was easy to use: Despite our range in age (26-80 years) or level of experience with our platform, all users reported that the process was easy to use and that many would use it over a "forgot password" flow.
“I love this! I love that I can sign in without having to remember my password!”
“I don’t have to drive myself crazy trying to remember my password – it’s an easy way to login.”
LESSONS
What I learned
Prioritizing User Convenience
This experience taught me that users will always choose the easiest path, favoring simple, consistent login solutions over the need to reset passwords. Keeping convenience top of mind helps build trust and reduce frustration.
Balancing Ease with Security
I learned that if the login process is secure and trustworthy, users won’t question an easy access route. Creating secure, frictionless paths that align with user expectations is key to improving their experience.
Reducing Friction to Enhance Product Engagement
Moving forward, I’ll advocate for streamlined user flows—whether for login, registration, or other interactions—so users can spend more time engaging with a product's core purpose and less on barriers to access.