Designing for neurodiverse people
Trying to stand out while doing the design assignment to get a job
Company
Personal project
Year
Oct 2018
Role
UX/UI design, presentation
Impact
I got the job!
I found out how autistic people and elderly with some conditions learn to remember things, especially passcodes. Visual associations help to everyone.
While talking to a security engineer I learned all about the security and risks of login flows.
Challenge
Design an original and secure login flow for a mobile banking app.
Outcome
Designed a login flow that contains an email and "emoji-story" instead of a PIN.
Approach
Formula for creating a secure login flow
Analysis
I have identified seven login flows that are currently existing: 1) username and password; 2) username, password and character picking of a passphrase; 3) faceID or touchID; 4) PIN; 5) two-factor authentication (2FA); 6) magic link; 6) login using social media account.
The more secure flows usually take twice longer to login, they are much harder to set up, more trouble in case a user is locked out.
The most common problem with passwords is that people use the same password for many different accounts and they are not complicated enough. Still too few people are using password managers.
Users
User profiles were not given to me, but in order to think of a solution I still wanted to imagine who I am designing for. So I was thinking if a bank is looking for an original method to login into an app, this means that it wants to stand out, appear innovative and progressive with its values that reflect current conversations in the society.
I thought that the “early adopters” should be people between 25-40 years old who are looking for a secure and privacy-respecting* banks that reflect the values that they really care about e.g. accessibility.
*privacy-respecting means not only that users’ data is managed in a secure way, but also that “biometrical” data is not collected.
Photos representing early adopters.
Login flow: email and passcode (emoji story)
Proposed solution: email + emoji story
To login users have to input their email address and a passcode that tells a story represented in 5 or more emojis.
A sequence of emojis can represent either a story from user’s life that is told using emojis in chronological order or a graded system e.g. my 5 favourite foods.
Design challenges and solutions
Emoji passcode explorations
Challenge 1
Design an original login flow
I was inspired by the infographic above that a password has to contain something that you are and know. Stories about our life and our unique preferences are both.
I wanted to create something more interesting than numbers and letters that everyone is tired from. People use emojis to represent what they are doing right now: they are putting nail polish or skiing. Why can't we use them in our passwords?
There are some explorations online about emojis used in passwords or as passwords but I haven't seen the concept of creating a story out of emojis therefore it is an original idea! ;)
Challenge 2
Design a secure flow
Regular PINs contain only numbers that can be set up out of 10 digits, whereas emoji stories can be created out of 3,521 (Sept 2020) emojis.
Stories about our life and what we remember about them are unique to us. Even the closest people to us don't know exactly what details about our life event we are going to single out.
The passcode is considered secure if it has 5k combinations. Users can create stories consisting of minimum 5 or more emojis which increases the number of combinations [Omni].
Passcode of 5 emojis out of 16 is considered strong enough.
Passcode of 6 emojis out of 16 is a very secure one.
Challenge 3
Make "password" that is easier to remember for neurodiverse people and everyone
When thinking about the solution I was thinking about the idea that images are easier to remember for every human no matter the neural capabilities. I got inspired by emojis that I use with my friends every day. Emojis represent actions and emotions. What if a story can be told with no words at all?
Unhappy flow when user needs a reminder of their story
I was looking for scientific articles to support my statement above and found that "humans have a remarkable ability to remember pictures. [...] This excellent memory for pictures consistently exceeds our ability to remember words" [PNAS]. Another resource says "if you want someone to remember a message [...] tell them a story" [FC]. In other words, "to ensure that learners store information in their long-term memory is to pair concepts with meaningful images" [Shift].
People with alzheimers or autism when trying to remember numbers they are taught to assign a visual meaning to each number and other visual cues are used to keep them independent [Alzheimers.org; Autism parenting magazine; autism.org.uk].
So it is safe to say that humans relate to stories and images much more that to PINs, words, passcodes. Especially humans who are on the spectrum.
Research required to learn more about viability and desirability of the flow
There was an attempt to create an emoji-only PIN in 2015, but it was just a 4-emoji passcode with no meaning to it. [iedigital]. It didn't stick as not all systems were compatible to use such passcode.
UX research should be conducted to validate assumptiona: it is easier to remember emoji-story, people feel that emoji-story passcode is secure, systems are now able to adopt such passcodes.
Infographic done by marketing specialists [entrepreneur.com]
Conclusion
Design for neurodiverse people shouldn't be considered as original, it should be standard
It is really strange that most mobile applications use PINs that are not not only hard to remember but also puts risk on conversation and app use.
It is often proven that design for minorities improve everyone's experence therefore we should always design for accessibility.