For more than 140 years, the Securian Financial family of companies has developed innovative insurance and retirement solutions to meet the evolving needs of individuals, families and businesses. Offered through partnerships with employers, financial professionals, and affinity groups, Securian Financial offers a variety of products and services to help its customers build secure tomorrows.

One of Securian Financial’s main business areas is its group benefits offered through partnerships with employers to their employees. As the UX Designer for the Group Benefits Enrollment team, I led the UX design and strategy of the Life Benefits site from from October 2021 to December 2023.

Throughout 2023, our team was challenged to come up with different ideas as to how we could improve the experience to create the biggest impact ahead of Q4 open enrollment when the site experiences its highest volume of traffic.

I advocated for and convinced the team to start with addressing the authentication portion of the experience first, reasons being:

• Successful login rate was less than 60%

• Login-related issues were generating the highest volume of phone calls to the customer service line

• Any enhancements to the experience behind the login gate wouldn’t improve performance metrics so long users were unable to login

There were a number of factors contributing to the login issues experienced by users:

• Assigned usernames

  Users are assigned their user IDs; they don’t get to choose them for themselves nor can they change them at any time. This makes it difficult for users to remember their user IDs.

• Infrequent use

  Most users only visit the Life Benefits site once a year when they’re participating in their employer’s open enrollment period. This makes it difficult for users to remember their user ID and password. Almost 6% of unique visitors were selecting the Forgot your ID? link, and almost 7% of unique visitors were selecting the Forgot your password? link.

• Unsuccessful username recovery and/or password reset

  Even when users attempted to recover their user ID or reset their password using the self-service functionality provided, many were still unable to so and had to call the customer service line for assistance.

There were a number of issues with the previous authentication experience, including:

1) User ID Not Displayed

At the end of the forgot user ID flow, the previous experience didn’t actually display the customer’s user ID. Instead, it displayed the formula that was used to generate their user ID (usually some combination of their employer’s name plus their employee number), which also presented a security risk.

This can be even more complicated for Port users who’s user IDs contain randomly generated numbers and therefore couldn’t be recovered online. Their only option was to call the customer service line for assistance.

2) Security Questions

The forgot password flow relied on users correctly answering pre-established security questions in order to verify their identity. Again, because of infrequent use, it was difficult for users to remember the answers to these questions. The security questions were also often discoverable information, which presented a security risk.

3) “Secret Word” Access Key

If users were unable to verify their identity by answering their security questions correctly, they had to verify their identity using a “secret word” access key that had to be remembered until they received the password reset email. Not only did users have trouble remembering their secret word by the time they received this email, but using a secret word as a means for resetting passwords is NOT a standard practice for this type of experience.

4) Password Reset Not Always possible

In some rare cases, users couldn’t self-service password reset online because they didn’t have an email address on file. Their only recourse was to wait to receive a temporary password in the mail, which could take up to a week to receive.

To address the issues in the previous experience, the following enhancements were made:

1) One-Time Passcode added

One-time passcode (OTP) was added to both the forgot user ID and forgot password flows. This provides a secure way of verifying a user’s identity and is also consistent with standard practices for these types of experience.

2) User ID Displayed

Because OTP added more security to the forgot user ID flow, user IDs could now be displayed at the end of the flow once a user was successfully verified.

3&4) Security Questions and “Secret Word” Access Code Replaced

Once OTP was added, it became the default mechanism for verifying a user’s identity. In the forgot password flow, security questions are now only used when a user has neither an email address nor a phone number on file that can be used as a means for delivering the OTP.

Conceptually, the “secret word” access code was essentially an OTP in reverse, so it was removed entirely once OTP was added. Because an OTP can be sent to either an email address or phone number—instead of just an email address like before—it also greatly reduced the number of users who couldn’t self-service password reset online and instead have to be sent a temporary password in the mail.

View prototype ›

After these changes were implemented, the impact was evident:

• Successful login rate increased to ~66%

• Increased login rate alone led to more than $300,000 in additional profit, even without making any other changes to the experience behind the login gate

• There were almost 1,000 fewer calls to the customer service line compared to the open enrollment period the previous year

• The volume of users who can’t reset their password online and have to be sent a temporary password via mail was reduced to less than 1%