Home / SurveyMonkey Collaboration / Case Study - Account Verification

Case Study: Account Verification

Account verification adds an extra layer of security by alerting users when a new device or browser tries to log in and access their account.

Protect your data and identity in a team.

Every person using SurveyMonkey should have their own account and login credentials, even if that account is part of a team (a group of accounts that share common data and features). By looking at usage trends in our system, we estimated that around 45% of our users were sharing accounts. When users share account logins it creates data, security, and identity issues for the people and businesses using our product. Additionally, it's sort of like buying one donut but taking the whole dozen back to the office for you and your co-workers.

Account verification adds an extra layer of security to peoples' accounts by alerting them when a new device or browser tries to log in and access their data. When each user has an individual account protected with account verification, users and admins can be sure that the person signing in is the person that should be signing in.

Roles and Duration

Lead Product Designer
Workshops, cross-functional connection and communication, user research, ui design, process flows, usability testing

July 2018 - November 2018 for Design to release to first cohort (10% of 'high sharers')
July 2018 - July 2019 for complete rollout to all SurveyMonkey users

The Question

Around 45% of accounts are being shared by more than one person. How can we leverage our new team plans to encourage users to stop sharing their accounts?

Who will this affect?

Ultimately, this security feature would hit every user of SurveyMonkey. So we had to think across our users types.

Illustrated avatar of Sponsor Sam

Enterprises

Non-SSO secured large teams, 25 or more, that were on-boarded with sales assistance.

Illustrated avatar of Analytical Anna

Teams

Teams of 3 to 25 that handle all of their billing and team management themselves through the product.

Illustrated avatar of Functional Frank

Individuals

1 person working with SurveyMonkey. Could be anyone.

Security threats

Since we were dealing with sign up flows, we wanted to make sure anything we introduced was an improvement to security. This required us to understand some of these folks better.

Constraints

Ou biggest constraint on this project were:

1.) Email verification - Due to the way SurveyMonkey handles email verification (we don't ask for it before you can use the product), we found ourselves in a tough spot. On an account where more than one person is sharing the login, and we don't have a verified email, how do we ensure we're communicating with the right people? Locking them out could be a big problem.

I explored several options for email verification, but ultaimtele the business couldn't commit to implementing email verificaiton before creating this flow. so, it remained a constraint for us.

2.) Sign ups and upgrades could not be affected. This meant we needed it to remain responsive, international, and seamless
Illustration of rock under a building as a metaphor for building on shaky ground

Email Verification Illustrating the effects of this constraint went a long way in communicating upwardly the experiential impact of not addressing the issue with our design solution. It also helped explain why we had to make certain decisions in our flows, and take extra precaution in our testing.

Understanding the Problem

The key to taking this problem from discovery to understanding was robust cross-functional collaboration.

Image of people working together

Cross-functional workshops and collab


Bringing everyone together from security to legal and marketing, we cbroke up into 2 groups and workshopped. The goal was to define what the benefit to the uer was for the feature, where the gaps were, and to gather incoming feedback from our cross functional partners.

Created process flows and wireframes to look at the flows in orderCaptured institutional knowledge, and concerns from across functions

Image of workshop artifacts on wall-sized whiteboard

Getting the flows on and offline

Just as important to understand what would happen in our flows on the screen, was understanding what was happening off the screeen. What actions might prompt an uptick in customer calls? What is the impact of this? We haddto work closely with proiduct and CS to make sure the right real-life flows were in place to capture feedback ad n


From discovery to understanding

As the discovery phase started to become and understanding of the problem, and the creation of a few proposed solutions. When we landed on device verification, I dove in deep to create process flows that outlined all possible areas the flow would connect, on and offline. These were used across the organization to start outlining the scope of the problem, communicate it to others, and allowed us to start exploring our options.

The Problem, Reframed.

Business How do we stop teams from sharing logins?

User How do I gain the benefit of survey collaboration, improved data security, and shared insights from my team?

Admin How do I improve data security, manage sharing, and help my team collaborate? 
Example of account verification with skip functionality

Revalidating

We'd done some initial validation of our intended device verification flows early on and through iteration. Although, we still had a few questions heading out of the design phase that we wanted to answer. In particular, we collaborated with Customer Support to create a "skip" feature that would allow users to come through the flow a limited number of times before the feature limit their access.

We validated this approach in a few ways:

  • Understanding of the flow and concept of "skipping"
  • Collaborated with Customer Support to determine the appropriate number of skips, and built flexibility in for experimetation
  • Reviewed our updated flows with security

Release and Iterate

After release, we kept in close contact with Customer Support to make sure we were reacting to feedback from users. Partnering with Product Management, we prioritized a few important updates directly from what we learned from users in those first few weeks:

  • Minor improvement to the flow (placeholder text was confusing, etc.)
  • Added an email verification step
  • Bulk sharing and transfer (leads to greater retention)

Outcomes

Account Veritfication helped our recently released team plans take off. The simple flows, and seemless integration with customer support and upgrade flows allowed our teams to make the choices that were right for them, and helped us as a business in our goal to get each individual on to their own accounts.

25K

teams in one year

$10M

over projections

All users

Rolled out to all non-SSO users in 1 year

Security

Greater data security for our teams