LifeLock is an identity protection service that monitors their customer’s names, social security numbers, and credit/ debit cards to quickly identify fraudulent activity. Customers pay a monthly membership fee for LifeLock’s promise to “Detect, Alert, and Restore,” in the event of identity theft.
These reactionary measures are costly for LifeLock, so the company was looking to explore more proactive security measures that could minimize the risk of identity theft in the first place.
Pen & Pencil
As a third party, there is only so much that LifeLock (or any security service) can do on behalf of their customers. In fact, the actions that are proven to most increase one's online security all must be initiated by the user.
- Change passwords to important platforms 4 times per year.
- Use a unique password for every platform.
- Check your credit 4 times per year.
- Check account balances daily.
LifeLock didn't have the level of customer engagement needed to ask this of their users, so our challenge was to build an engagement method that would encourage the adoption of these habits by current LifeLock users.
Research unveiled some demographic information of current LifeLock customers and interviews (4) brought to light some of their pain points and goals. It is important to note that while this application has many potential users, we were building for existing LifeLock customers. The persona below, Bob, typifies those users.
- 47 years old
- Husband & Father
- Medical Device Salesman
- Salary: $150k
- Credit Score: 795
- Signed up for LifeLock after experiencing identity fraud- Someone used his SS number to open a credit card
- Because he has been a victim, he’s very invested in monitoring his credit.
- As a result, he is experienced with many credit checking/ monitoring platforms
- The feeling that someone’s on his team
- To feel safe, responsible, and informed
- Validation of investment in LifeLock
- A way to quantify his security
- An easy solution
- Password management
- Low tech-empathy
- Easily overwhelmed
Journey Map (1)
To start to understand our persona better, we plotted his path through a handful of events that LifeLock customers are likely to face. Paying close attention to low points here started to bring out issues that our application could address.
- Bob checks his credit. No surprises here.
- Bob is locked out of his Apple ID for the third time this year. Accessing the account from different devices means he can't rely on the password to be stored locally, so he is often required to reset it. He has them all written down... somewhere.
- He gets a message from a colleague saying that she has been receiving spam messages from Bob's email. This is very alarming because Bob has no idea how someone could have accessed his account, but he's not sure what to do about it.
- Caught up with work, Bob misses a credit card payment. He is especially frustrated because he is paying a monthly service fee for a service that is supposed to help increase his credit, but he still can't remember to pay his bill.
- Notice Bob the LifeLock customer's emotional rebound from the past due bill is slower than if he wasn't paying for the service. He is starting to question his investment in LifeLock, although he knows they're protecting him from bigger threats.
- When Bob's credit card is stolen, he is comforted by LifeLock's support team promising to help him deal with the issue. Without that, he's not sure what he would have done.
- When Bob checks his credit again, he especially frustrated to see that he has gone down as a paying LifeLock customer. He understands that the missed bill was his responsibility, but nonetheless, he is disillusioned with the LifeLock service.
Knowing that password management is the best thing people can do to protect their identity, we needed to understand what their existing relationship with passwords was, so we conducted a survey.
Below you can see how many unique passwords people generally have, and how often they change them.
In a survey of 123 people, it became very clear that we had a problem. The key to a secure online identity is active password management, and people hate changing passwords. In fact, 56% of respondents reported that they only changed their passwords when they were forced to, and another 18% said that they "Never" changed their passwords.
Summery of User Insights
- People believe their information online is vulnerable, but generally don’t know best-practice when it comes to protecting themselves.
- LifeLock customers have generally already experienced some sort of ID theft.
- As a result, LifeLock customers are very focused on their credit score
- People hate changing their passwords.
The Anatomy of an Action
As described by BJ Fogg’s behavior model, there are three components of any action.
Motivation- The amount of time and energy a person is willing to spend on a task
- Ability- How hard a task is for a particular person
- Trigger- The event that causes the action
A trigger’s success is determined by a combination of a person’s motivation and ability to perform a task.
While changing a password may be an easy task, our research had told us that people’s motivation to do so was remarkably low. The red X above illustrates how likely a user is to actually change his or her password when prompted. It became clear that our job was to move the user towards the green X.
Anatomy of a Habit
When designing for behavior change, it is important to recognize the two components of creating a new routine; the initial action, and maintaining that action.
THE INITIAL ACTION
In order to increase the likelihood of a user taking the initial action, Fogg states that you can increase the number of triggers, increase a user’s ability to complete the action, or increase their motivation.
An application that sends too many push notifications will be abandoned, so we knew we couldn't simply increase the number of triggers.
A user’s ability to enhance their security IS something that we could increase. We needed to incorporate all the tools and information necessary to complete these tasks into one place to minimize hurdles.
In order to increase motivation, we did a comparative analysis of some widely used motivation and goal tracking apps like My Fitness Pal, Mint, and Balanced.
In examining these applications, we were able to identify some key elements they all shared.
- Simple design makes goals seem more attainable
- Representations of progress are very powerful.
Another approach to motivating users could have been explaining the benefits of taking these actions and educating them as to what could happen if they didn’t, but LifeLock has run into some issues with that in the past. Just 6 months ago the FTC asserted that LifeLock had exaggerated the threat of identity theft in many of their advertisements, along with other allegations. We decided NOT to go that route.
MAINTAINING ACTIONS: HABITS
The key in translating actions into habits lies in the triggers. A trigger that is served to a user when they aren’t able to act is called a “cold trigger.” The most effective triggers reach the user when they do have the ability to act. These are called “warm triggers.”
In thinking about the act of changing passwords, checking credit and monitoring account balances, we realized that these are activities that a user might not want to do on the go. If the application prompts a user to change the password to their bank account, but they’re are their daughter’s soccer game, that reminder will likely be ineffective.
In order to increase the likelihood that our reminders would translate to action, we realized that we had to incorporate the ability to geo-locate our users. By being able to “Remind at a location,” we can catch them when they’re at their desk at work, or at home depending on the action needed.
In order to encourage these actions, and ultimately build habits, we developed an iOS application. The application offers the existing functionality of the LifeLock service like credit monitoring and alerts, as well as features developed specifically to encourage active use of the application and to alleviate specific user pain points identified in research.
Our solutions fell into two buckets: Credit Monitoring and Security Management. As you will see below, these two functions have their own pages, each contributing tasks to a user’s schedule of reminders.
To read more about the research that lead to these solutions, skip to the Research section.
Credit monitoring is the primary reason for a user to become a LifeLock customer, so this had to be the primary function of our application. We incorporated elements found in most credit monitoring tools such as a colored representation of your score, insights into things that are both helping and hurting your score, notifications about any recent changes in your score, and recommendations as to how to improve.
Credit/Debit transaction tracking
Checking account balances and card transactions daily is one of the actions we needed to encourage, so we made that as easy as possible for the user. At the bottom of the credit page, the user gets a quick view into transactions on all cards they have associated with their account. This quick view is card-agnostic so that a user can spot misuse of any card quickly.
Clicking through on this section brings a user to a page where they can view all transactions, separate by individual cards, as well as add more cards to their account.
Using the navigation in the bottom of the screen, a user will find the Security page. The best way to protect yourself from modern identity theft is to actively manage passwords to all of your online accounts. The Security screen of our app brings the user insight to how their online security stacks up to others’, provides tips as to how to improve, and makes managing passwords easier by providing a secure password keeper.
In order to frame Security as something that needs as much care and attention as Credit, we exactly mirrored the layout of the Credit page and used similar scores and alerts.
At the top of the page, an app-generated “Security Score” is displayed to mimic their credit score. This score is derived from a number of factors including how up to date they are with password changes and the average strengths of the passwords they have saved in the app.
In the middle of the page are upcoming security related tasks and details on what's helping and hurting their score. At the bottom of the Security page is a quick view of the Passwords section giving users the ability to see and quickly copy passwords they use regularly.
If we were to ask a user to do a task that we know they find unpleasant (actively change passwords), we knew we had to simultaneously make that task easier, and thus the LifeLock password manager was born. This feature was a deviation from what LifeLock expected as a solution, but its utility was backed by research and it was ultimately well received by the client.
Above you can see the flow of a user changing the password to their Charles Schwab online banking account. They can set their own password, and see the colored line below grow or shrink in accordance with the strength of the password. They can also use the generator to create a hyper-secure password. When using the generator, the user has options as to how intricate they want the resulting password to be.
Once done, the user copies the new password with the tap of a finger, hits "Save," then navigates to the Charles Schwab account page to finish updating their password.
A user's tasks are both Credit and Security related, so they can access the "Task" home from either screen. The tasks (served up push notifications) remind the users to take actions like change a specific password, or pay a particular bill.
The cadence of these reminders defaults to the regularity recommended by security experts. In order to increase the likelihood of the user immediately taking action every reminder is location enabled.
That concludes my case study.
Questions? I'd love to chat.