
ONBOARDING WITH BIOMETRIC
FEB 2025 - MAY 2025
3 PERSON TEAM - PRODUCT OWNER, UX DESIGNER & MYSELF
MY ROLE - UX/UI DESIGNER
PROJECT OVERVIEW
Biometric authentication is poised to play a transformative role across the Hartlink Online Pension Portal (HOP), significantly strengthening security while improving user convenience. Initially implemented during the registration journey to provide seamless and secure identity verification, this ongoing initiative will extend to additional key touchpoints including login, account recovery, and password reset. By adding this extra layer of protection, the platform aims to reduce the risk of unauthorised access and create a more streamlined, user-friendly experience.
THE CHALLENGE
HOP's key challenge: a large number of enquiries related to account lockouts resulting from forgotten passwords. In our first meeting we discussed the scope of what HOP was trying to achieve and how to accomplish those goals.
We decided to begin by identifying if this problem was actually a problem.
BUSINESS REQUIREMENT
To improve login security and reduce user friction, the business aimed to replace the existing password and OTP method with biometric authentication. The goal was a seamless, compliant solution that would enhance trust and simplify access. By integrating biometrics, the team sought to eliminate common pain points like password fatigue and strengthen overall system integrity.
DATA COLLECTION AND PLANNING
To understand the scale of login-related issues, we reached out to the Data Analyst team via the call centre. They provided detailed metrics on the number of enquiries concerning account lockouts and password resets. This insight helped quantify the impact of forgotten passwords on support volumes. It also informed our approach to improving the login experience.

Image shows the enquiry made by AXA's member
Concerned about all members, from active to pensioners, we explored biometric technology as a practical solution to reduce login issues and improve secure access.
USABILITY TEST REVIEW
A usability test was conducted with five participants to evaluate the login experience. All five reported difficulty remembering their passwords, highlighting a consistent pain point in the authentication flow. This insight supports the need for a more intuitive and memory-free solution, such as biometric login.
THE SOLUTION
The solution was to allow members to easily log in without entering their password.
The product manager recommended replacing both passwords and the One-Time PIN (OTP) with biometric authentication to streamline access and enhance security.
However, this sparked discussion around the feasibility of a passwordless flow, weighing the benefits of reduced friction and stronger user trust against potential accessibility and fallback concerns for users unable to use biometrics.
While discussion and research on this matter were ongoing, we were also keen to find out which vendors could support the Portal with biometric technology.
DISCOVERING BIOMETRIC TECHNOLOGY
To improve login security, the Product Owner introduced three identity verification (ID&V) vendors. I led a detailed desk research exercise to evaluate each provider, creating a comparison table outlining their pros, cons, and user reviews.
This analysis enabled the team to make an informed, experience-focused decision—ultimately selecting YOTI as the preferred solution for its balance of usability and technical robustness.

PASSWORD & OTP AS BACKUP
According to the ICO’s guidance on special category data, Article 9(1) of the UK GDPR outlines the legal basis for processing this type of sensitive data, which includes biometric data used for identification purposes. The guidance also provides a practical example: a gym collecting health information from its members—such as medical conditions or physical limitations—must treat this as special category data. This means the gym must implement stronger safeguards, obtain explicit consent, and ensure transparency about how the data is used, stored, and protected.
This example reinforces the importance of offering alternative login methods when using biometrics, ensuring compliance with GDPR and accommodating users who may not wish to share such sensitive data. This discovery led us to dismiss the idea of replacing the password and OTP and instead keep them as a backup for when members are unable to use biometrics.
Hence, this made me realise that we must always offer users an alternative way to log in in case there is a technical issue with their camera.
In the video: Three ways to enter the gym (PIN code, physical key and QR code)
DESIGNING THE SOLUTION
USER FLOW
To assess how biometric authentication could integrate into the registration journey, a user flow was mapped out. This visual layout detailed each step—from identity verification to successful onboarding—highlighting where biometric checks would occur. It helped the team evaluate usability, pinpoint friction points, and ensure a seamless fit within the existing registration process.
DESIGN ITERATION
Following guidance from the Director of Operational Security, we updated the verification step to include enhanced safeguards while preserving clarity and ease of use—something previously missing from the initial flow. Verifying the communication channel was equally critical, as it would be used to notify members if their ID&V attempt failed, including details of what went wrong.
LOW FIDELITY WIREFRAME
I created early wireframes to visualise how ID&V would integrate into the registration journey. These designs mapped key steps, helping assess usability and guide stakeholder alignment.
HAPPY & UNHAPPY PATH
I created both the happy and unhappy paths to map out how users would experience the identity verification process under different scenarios. The happy path illustrates a smooth, successful journey from registration to secure access, while the unhappy path highlights potential friction points—such as failed ID capture or mismatched biometric data—allowing us to identify and address usability or security concerns early in the design process. This dual-path approach helped ensure a resilient, inclusive solution that accounts for real-world variability in user interactions.
HIGH FIDELITY PROTOTYPE
WHAT NEXT
- Conduct Quality Assurance (QA) testing to validate biometric functionality, security handling, and cross-device performance.
- Run usability tests with a diverse user group to observe interaction patterns and identify friction points.
- Assess accessibility and clarity of the user journey, ensuring the flow is intuitive for all, including pensioners.
CONCLUSION
- Conduct heuristic evaluations of the existing Hartlink onboarding flow to identify usability issues early.
- Recommend interviewing members before proposing new biometric solutions to uncover real user challenges.
- Push for deeper collaboration between UX, data, and security teams to align design with compliance and technical constraints.
- Encourage stakeholders to value research reports and testing insights as core project deliverables.
- Allocate more time for iterative design and validation to refine flows before implementation.
Looking back, I’m truly proud of the thoughtful, user-focused approach I brought to this project—balancing innovation, security, and accessibility every step of the way.