In general, what is the best way to simplify the auth UX for this group of users? Is there any UI libraries out there targeting this group more specifically? Any good web examples you know of?
thx
14 comments
She had some form of extreme palsy, and her kids lived on a different continent.
What she needed was someone to talk to her as she tried to input her password the 10 or so times it would take her to get it entered correctly.
If she did it herself, she would become unsure that she was using the correct password, and give up because she was second guessing herself.
If she asked a nurse to help, the nurse would need to bail halfway through the process and address some other requirement.
In a separate incarnation, I was helping a 90 year old gentleman, who was providing free legal support for the organisation, to log on to his laptop. We had a 60 day password reset cycle. This gentleman would only attend the office every month. So every other visit required a password reset. He would berate me as he went, like the guy was a massive d bag. But my understanding was that he had chronic arthritis in his hands, so this process was very painful for him.
I think the best workflow would be to use login codes and eschew passwords entirely. Definitely don't have mandatory password resets. I think the initial passcode enrollment step might rule passcodes out, but I have only really dealt with them on the MS side.
That said, you need a really good non password backstop for login codes, because in my experience, elderly people tend to replace phones/numbers/laptops/email addresses quite frequently too. I used to keep a folder in my password vault for my grandmother so I could recover her email/facebook, but not before she ended up with 3 email accounts and facebook pages.
Biometric authenticator app? i.e. key recovery / loading onto a new phone is biometric, but otherwise it just prompts for a 6-digit code on login? I think younger generations have a better sense of "I am X, but my email controls Y", whereas older people are like "I am me, so give me my emails", and something that is unequivocally "me" like biometrics might be the best way to meet them where they are.
Just my 2 cents.
Thanks for the real world stories on people who are actually, physically challenged.
Is your product a simple TODO list? Is it a health diary with loads of sensitive information? Is it for storing nuclear codes? Is this something users typically use on shared computers? On their phones? When you consider whether or not some of the other commenters' suggestions for reducing complexity of authc and potentially account recovery are reasonable, you need to keep that context in mind. It's hard to make decent suggestions without that context, imo.
Check WCAG's recommendations around accessibility. Start with cognitive and vision, and make sure to check out sections around designing and interacting with forms, but make sure to have a browse around broadly.
The UK government's style guides have some thoughtful advice around usability and accessibility. [0][1]
[0]: https://www.gov.uk/guidance/style-guide [1]: https://design-system.service.gov.uk/
When I try to sign in to most apps on my TV, it usually displays a code that you can type in on another device so that you don't have to type in a long password using the D-pad on the remote. Could you maybe implement something similar for your website? This way, my grandmother could just call and read me a code, and then I could handle the sign-in remotely. As long as you only need to sign in ~once a year, this would be my preferred option.
Not all seniors have trusted friends/family who can help them, but lots do, so making it easier for the helpers will in turn make it easier for the seniors. Plus, there's no phishing risk for the senior with this method, so it's a relatively secure option too. (There is a phishing risk for the helper, but presumably they're the least vulnerable person in this scenario)
And make it so they don't have to log back in frequently.
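The helper-assisted flow described in the comment above, as an added example that is not part of the original thread or any named product. It models the TV-style pattern on a website: the senior's browser asks for a short code, reads it aloud to a trusted helper, and the helper approves it from their own already-authenticated account. Everything is in memory; the class and function names (HelperLoginService, start, approve, poll) and the ten-minute code lifetime are assumptions. Two details carry the security weight: the spoken code alone cannot be redeemed (the browser that started the flow also holds a long secret, so an overheard code is useless), and a helper can only approve sign-ins for seniors they were explicitly linked to, which is what bounds the "phishing risk for the helper" the comment mentions.

```python
"""Helper-assisted sign-in with a short spoken code (added example, not from the thread)."""
import secrets
import time

# Alphabet without look-alike characters (no 0/O, 1/I/L) so codes survive being read over the phone.
CODE_ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
CODE_TTL_SECONDS = 10 * 60      # assumption: the helper has ten minutes to approve
MAX_FAILED_APPROVALS = 5        # per helper, so the approve page cannot be used to guess codes


class PendingLogin:
    def __init__(self, user_code, device_secret, created_at):
        self.user_code = user_code            # short code the senior reads aloud
        self.device_secret = device_secret    # long secret known only to the senior's browser
        self.created_at = created_at
        self.approved_for_user = None         # senior's user id once a helper approves
        self.consumed = False


class HelperLoginService:
    def __init__(self, helper_links, clock=time.time):
        # helper_links: {helper_user_id: set of senior user ids that helper may sign in}
        self._helper_links = helper_links
        self._pending = {}             # normalized user code -> PendingLogin
        self._failed_approvals = {}    # helper_user_id -> failed approve() calls
        self._clock = clock

    @staticmethod
    def _normalize(user_code):
        return user_code.replace("-", "").replace(" ", "").upper()

    def start(self):
        """Senior's browser calls this. Returns the code to read aloud and the polling secret."""
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(8))
        while code in self._pending:   # vanishingly rare collision; just draw again
            code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(8))
        device_secret = secrets.token_urlsafe(32)
        self._pending[code] = PendingLogin(code, device_secret, self._clock())
        return {"user_code": f"{code[:4]}-{code[4:]}", "device_secret": device_secret}

    def _lookup(self, user_code):
        code = self._normalize(user_code)
        pending = self._pending.get(code)
        if pending is None:
            return None
        if self._clock() - pending.created_at > CODE_TTL_SECONDS:
            del self._pending[code]    # expired: drop it so it cannot be approved late
            return None
        return pending

    def approve(self, helper_user_id, user_code, senior_user_id):
        """Helper calls this from their own logged-in session and names the senior account."""
        failures = self._failed_approvals.get(helper_user_id, 0)
        if failures >= MAX_FAILED_APPROVALS:
            return False
        allowed = self._helper_links.get(helper_user_id, set())
        pending = self._lookup(user_code)
        if pending is None or senior_user_id not in allowed or pending.approved_for_user is not None:
            self._failed_approvals[helper_user_id] = failures + 1
            return False
        pending.approved_for_user = senior_user_id
        return True

    def poll(self, user_code, device_secret):
        """Senior's browser polls this. Returns the user id to create a session for, or None.

        device_secret proves the caller is the browser that started the flow, so knowing
        the spoken code (overheard, or guessed) is not enough to take over the session."""
        pending = self._lookup(user_code)
        if pending is None or pending.consumed:
            return None
        if not secrets.compare_digest(pending.device_secret, device_secret):
            return None
        if pending.approved_for_user is None:
            return None                # helper has not approved yet; keep polling
        pending.consumed = True        # one approval yields exactly one session
        del self._pending[pending.user_code]
        return pending.approved_for_user
```

The caller turns the returned user id into a normal session cookie; the comment's "log in ~once a year" then depends on session lifetime, not on this flow.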
I'd suggest not having a password at all. Either use SMS/Email codes, or Passkeys.
Any change to an interface is going to disrupt this, so one thing would be to change the interface only very rarely and carefully.
- a large font size by default, and maybe a font size slider on the homepage. Test everything at 200-300% scale as WCAG recommends
- don't change the UI! Or change as little as possible, at least for existing users. Which kinda upturns the whole always-updating nature of web SaaS but I think it can be done
- hire a good designer who can streamline your UX and screens and keep only the bare minimum features
- maybe offer human support? Like a phone number? Probably unreasonable for you though
Wish I had ideas for simpler login and auth.
Have you found any successful design strategies in your 10 years? Any insights from user testing?
I solved most of the sign-in problem for my dad by picking a simpler browser than Google Chrome, and by tweaking his browser settings to be just-so. That's not going to be much help for you, the website creator...
Maybe allow passkeys for login? These days, passkeys usually get stored/supplied by the underlying OS. (By usually, I mean that's the statistically most common source of the passkey today. They can also come from a browser plugin or a hardware key.)
As an additional option, I can see the benefit for people who live in their Gmail app and don't have a password manager.
Magic emails might work for general users, but for an 80-year-old who struggles using a mouse, teaching them to click on links in emails is probably not best practice.
But I do love passkeys.
Often my iMessages arrive on my phone 30 seconds before they arrive on my Mac, so it's quicker to look at the phone notifications and type it in manually than it is to wait for them to arrive and auto-fill to get triggered.
Also, for old people, it's impossible to fall for a phishing page using passkeys, unlike auth codes, where you can type the code into a fake login page.
For an old person who basically just uses an iPhone and iPad, you can't screw it up and you can't be scammed.
I created this tool (https://anftr.com/) for some of my ex-colleagues in their early 50s who were trying to navigate the world of office software. They were struggling with Microsoft Word and Excel, and I have seen them yell at ChatGPT and bash their mice constantly, hoping the computer will load files faster.
Essentially, you focus on text and video demos. The foundational design concept for elder tech is providing clear instructions and minimizing interactions.
If you want them to sign in, you should not require them to press a button more than two times.
To address things they tend to forget, consider a human custodian or "IT concierge" model, please. The reality is that after a certain age, people really struggle to learn new things and prefer talking to a person for help. Technology has its limitations.
If you are working with users aged 50 to 80, provide them with a phone number and charge a subscription for the service or a one-time payment. It might be borderline exploitative, but I have noticed that elderly individuals want a "solution" rather than a lesson.
You explain how to do something, and if they are eager to learn, they will. You offer them a solution either way. Please do not create a monetization model for this custodian service and keep the charge as low as possible.
The money you receive from this serves a purpose: it is designed to make them second-guess and try to help themselves. If you do not charge for something, they will just keep asking you questions. When you charge for something, they perceive it to have more value compared to it being free.
Do not prioritize ease of operation that compromises their security.
2. allow login via magic link via email, after login the jwt/cookie/whatever should have no expiration date
3. (optional) allow one user to have multiple emails + merging accounts/users (call it a backup email to collect multiple user emails in advance; soft nudging only, not mandatory to use the product!)
4. (optional) offer any other way to log in (username + password), Google OAuth…
It's THAT easy.
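The magic-link flow in the comment above, as an added example that is not part of the original thread. It covers the email link (item 2) and one user owning several addresses (item 3) in one in-memory service; class and function names (MagicLinkAuth, request_link, redeem, current_user, revoke_all), the 15-minute link lifetime and the one-year session lifetime are assumptions. One design choice departs slightly from the comment and is mine: rather than a cookie with no expiry at all, the session is long-lived with a sliding expiry and is stored server-side, so support can sign a user out everywhere when a laptop or phone is replaced, which the earlier comment about seniors swapping devices makes a realistic need. Tokens and session ids are stored only as SHA-256 digests, so a copy of the store does not contain working links.

```python
"""Email magic-link sign-in with long-lived, revocable sessions (added example, not from the thread)."""
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse

LINK_TTL_SECONDS = 15 * 60                 # assumption: a link must be clicked within 15 minutes
SESSION_TTL_SECONDS = 365 * 24 * 3600      # assumption: a session idle for a year is dropped


def _digest(secret):
    # Store only a hash of tokens/session ids; a leaked table then contains nothing redeemable.
    return hashlib.sha256(secret.encode()).hexdigest()


class MagicLinkAuth:
    def __init__(self, base_url, send_email, accounts, clock=time.time):
        # accounts: {user_id: set of email addresses}; several addresses map to one user (item 3)
        self._base_url = base_url
        self._send_email = send_email          # callable(to_address, link); a stub in tests
        self._email_to_user = {e.strip().lower(): uid for uid, emails in accounts.items() for e in emails}
        self._links = {}                       # sha256(token) -> (user_id, issued_at)
        self._sessions = {}                    # sha256(session_id) -> (user_id, last_seen_at)
        self._clock = clock

    def request_link(self, email):
        """Step 1: mail a single-use link. Returns nothing either way, so the form cannot be
        used to discover which addresses have accounts."""
        user_id = self._email_to_user.get(email.strip().lower())
        if user_id is None:
            return
        token = secrets.token_urlsafe(32)
        self._links[_digest(token)] = (user_id, self._clock())
        self._send_email(email, f"{self._base_url}/login?token={token}")

    def redeem(self, url):
        """Step 2: user opens the link. Returns a new session id, or None."""
        token = parse_qs(urlparse(url).query).get("token", [""])[0]
        record = self._links.pop(_digest(token), None)    # pop: the link works exactly once
        if record is None:
            return None
        user_id, issued_at = record
        if self._clock() - issued_at > LINK_TTL_SECONDS:
            return None
        session_id = secrets.token_urlsafe(32)
        self._sessions[_digest(session_id)] = (user_id, self._clock())
        return session_id

    def current_user(self, session_id):
        """Every request: resolve the cookie. Sliding expiry keeps an active user signed in
        indefinitely while a session on a discarded device eventually dies on its own."""
        key = _digest(session_id)
        record = self._sessions.get(key)
        if record is None:
            return None
        user_id, last_seen = record
        if self._clock() - last_seen > SESSION_TTL_SECONDS:
            del self._sessions[key]
            return None
        self._sessions[key] = (user_id, self._clock())
        return user_id

    def revoke_all(self, user_id):
        """Support action: sign this user out everywhere, e.g. after a device is replaced."""
        doomed = [k for k, (uid, _) in self._sessions.items() if uid == user_id]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)
```

The link is consumed before the expiry check so a stale link can never be retried, and the session store keyed by digest is what makes revocation possible without a token blacklist.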