REI.com authorized sessions are currently 30 days in length, which presents a security risk. If we were to shorten the time a user is authorized to something closer to a best practice (measured in hours rather than days), some users would lose visibility into their carts after relatively short idle times.
These users would have to actively log in again in order to recover visibility into their cart contents. This pattern is frustrating for the user and does not meet expected eCommerce industry standards.
Our goal is to securely allow users to access some account content/features even after the authorized session has expired.
Lead UX designer
• Understand what's the right amount of information to present.
• Understand and minimize the customer's frustrations about signing in and extended authorization (remembered session).
• Increase security and modernize the experience.
• Get up to parity with other eCommerce systems in terms of remembering users even after the Authorized Session token has expired.
• Increase security by reducing the authorized session time closer to industry best practices.
• Minimize adverse UX effect from requiring a user to perform an additional step before checkout (logging in during Remembered Session).
I led the design of the Remember Session experience for all REI.com users across iOS, Android, Desktop, and Web since Sep 2019.
Scope the Project
• The scope for this initial build is constrained to focus on shopping cart visibility for users in a Remembered Session state.
• Research / metric tracking / analytic infrastructure will be needed to provide visibility to determine product success.
• A version of authorized/remembered session data fields will need to be scoped.
• Test the baseline for customer feedback that deals with either:
- Baseline for VoC feedback relating to website security.
- Minimize the impact of UX changes specifically regarding the cart and checkout procedures.
• Baseline for VoC feedback relating to checkout frustration.
• Track the increase (if any) of customer complaints relating to misplaced items in the cart.
- Baseline for VoC feedback relating to cart discrepancies.
- Track possible conversion loss when a user reaches the checkout flow and can't log in.
• Baseline for overall cart abandonment:
- Cart abandonment rate from login during checkout.
From the research, I found the biggest problem for the remembered session was that users were very unlikely to be aware of the “Remembered session” vs. full sign-in. When they try to access account features and are confronted with a sign-in form, most customers are confused and disoriented; they are “stuck”.
Considering the scope for delivery 1, the team wants to surface an updated dropdown for remembered users to sign in. The updated dropdown contains a personalized greeting (e.g., Welcome back, Jenny), a message to explain why they are asked to sign in even though we know who they are, and a sign-out option.
An unmoderated usability test was conducted to test the dropdown.
8 participants, 15-minute sessions
4 women/4 men. 4 desktop/4 mobile
By observing participants using the new dropdown, we’d like to understand:
• Whether participants realize they are partially signed in.
• Whether anything stands out in the new dropdown.
• For people who realized it, what features do they expect to be available?
Most people care about their privacy. They are willing to sacrifice some ease to be more secure.
Having an intermediate state (remembered session) between sign-in/out is hard to understand for most of the participants.
• We tried to surface a message saying, "you can only access limited features," but over half the participants didn't realize it until we asked them the related question.
• Having a clear line on sign-in/not status. Having "Welcome XX" on the header can be confusing.
People prefer to open non-private features: wishlist, view history (RR), cart. Some people feel uncomfortable opening Purchase History.
Desktop users seem to prefer staying signed in longer.
Instead of the remembered session, some people asked for the option to stay signed in - "remember me." The experience they are looking for matches the competitor analysis.
As a retail site, REI is not a site our participants use daily, so they feel being remembered/recognized is less critical.
Based on the insights we got from the usability test, we decided to display only 2 states, sign-in/guest, to customers and move the remembered session behind the scenes.
When customers are in the remembered session, we will surface the same dropdown as in the guest session. The cart will remember previous actions and retain the items.
• Fix logging users out automatically following order capture.
• During a remembered (but not authorized) session or a guest session, we provide a different experience to convince the user to sign in (if they have a pre-existing account) or create an account (if none).
• Provide a "Remember me" option in the sign-in process. If the customer checks the option, we can extend the authorized session. Or they will enter an "enhanced" remembered session, which contains some modified account features (purchase history with masked personal information).
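An added example (not REI's code and not part of the original case study) of how the session states described above could be enforced server-side. It implements the "enhanced" remembered-session option for "Remember me"; the lifetimes, feature names and order fields are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Assumed lifetimes: the page only says "hours rather than days" vs. 30 days.
AUTHORIZED_TTL = 4 * 3600
REMEMBERED_TTL = 30 * 24 * 3600

class State(Enum):
    GUEST = 0
    REMEMBERED = 1   # recognized, cart kept, shown to the customer as guest
    ENHANCED = 2     # opted into "Remember me": masked account features
    AUTHORIZED = 3

@dataclass
class Session:
    user_id: Optional[str]
    last_auth: Optional[float]   # epoch seconds of the last credential check
    remember_me: bool = False

def resolve_state(s: Session, now: float) -> State:
    age = None if s.last_auth is None else now - s.last_auth
    # Missing identity, future timestamp or fully expired: treat as guest.
    if s.user_id is None or age is None or not 0 <= age < REMEMBERED_TTL:
        return State.GUEST
    if age < AUTHORIZED_TTL:
        return State.AUTHORIZED
    return State.ENHANCED if s.remember_me else State.REMEMBERED

# Hypothetical feature names mapped to the minimum state for full access.
FULL = {"cart": State.GUEST, "purchase_history": State.AUTHORIZED,
        "checkout": State.AUTHORIZED}
MASKED = {"purchase_history": State.ENHANCED}   # reachable in masked form

def decide(state: State, feature: str) -> str:
    if feature not in FULL:
        return "deny"                            # unknown features fail closed
    if state.value >= FULL[feature].value:
        return "allow"
    if feature in MASKED and state.value >= MASKED[feature].value:
        return "allow_masked"
    return "require_sign_in"

def cart_key(s: Session, state: State) -> Optional[str]:
    # Remembered users keep their saved cart; guests get an anonymous one.
    return s.user_id if state is not State.GUEST else None

def mask_order(order: dict) -> dict:
    hidden = {"ship_to", "email", "card_last4"}  # constructed field names
    return {k: ("***" if k in hidden else v) for k, v in order.items()}
```

The decision is made from the server-side state only, so the header can show the same guest dropdown for remembered customers without widening what they can reach.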