Rhys Webber

Acre Login Flow

Acre Login Flow

Acre Login Flow

Whilst working at Acre, I had the opportunity to be part of the team that was responsible for redesigning the login flow for their client portal. Our main objective was to create a secure and seamless login experience that would instill confidence in users while maintaining ease of access. We recognised the importance of protecting sensitive data and aimed to design a solution that would meet the needs of both Acre and its clients.



Starting off, I laid out a clear problem statement and crafted user stories. This step is really crucial as it keeps the entire team on the same page, ensuring we're all heading in the same direction without any detours. The mission of this project was:


"We want to make it as easy as possible to login to the client portal, however with the amount of sensitive data it needs to be as secure as possible."


Here are some of the user stories we put together:

  • "I want a simple login process, be it through the original email link, the URL, or a saved bookmark."

  • "I want to use either my phone or computer without any caching problems."

  • "Even if I'm one among many directors on a limited company case, I want to be able to login into the case without a hitch."


Alongside my product manager, the CTO, and the engineers from my team, we assessed the current solution and its technical limitations. Based on feedback from our Mortgage Brokers, we identified that the majority of Client Portal users were not familiar with the 'magic link' login system in use. This led us to the decision that a more user-friendly, yet highly secure solution was required. Given the sensitive nature of data within the Client Portal, such as bank statements and credit reports, it was clear that a two-factor authentication system was necessary.


The following stage involved conducting user research to establish a benchmark based on the existing solution. The findings not only corroborated the feedback from brokers, but also highlighted additional issues. Here's what our research revealed:

  • The average rating of the login flow on a scale of 1 to 10 was 6.2. This indicates that while the login flow is usable, there are areas that could be improved.

  • About 50% of the users felt they received adequate instructions or guidance during the login process. Several of those who said 'no' specifically mentioned the magic link process as an area where they felt instructions were inadequate or unclear.

  • Some common points of frustration noted by the users were confusing or inconsistent error messages and a lack of clarity on how to set up two-factor authentication.



Next, I started designing the new login process. There were two routes - one for new users and one for people who'd already used the system. If it was a user's first time, they would be asked to create a password after going through two-factor authentication. But if they'd logged in before, they'd be asked to enter their password. I also got rid of the magic link, and instead had a code sent to the user by email or text.



Finally, we ran the user testing again but this time using the new flow. This time, the findings were as follows:

  • The average rating of the login flow on a scale of 1 to 10 has increased to 8.8. Users generally felt that the change to a code delivered via email or SMS was simpler and more intuitive than the magic link system.

  • About 90% of users now feel they receive adequate instructions or guidance during the login process. Users appreciated the straightforward instructions on how to use the received code for login.

  • Points of frustration were further reduced. The majority of users did not report any issues. The few who did primarily had issues with delays in receiving the code.

  • 95% of users feel their Client Portal account and the data within it is secure. The switch to the code-based system seemed to have increased confidence in the security of the login process.

If you compare the results to the previous benchmark, I’d think you’ll agree that the new solution was a success.

Whilst working at Acre, I had the opportunity to be part of the team that was responsible for redesigning the login flow for their client portal. Our main objective was to create a secure and seamless login experience that would instill confidence in users while maintaining ease of access. We recognised the importance of protecting sensitive data and aimed to design a solution that would meet the needs of both Acre and its clients.



Starting off, I laid out a clear problem statement and crafted user stories. This step is really crucial as it keeps the entire team on the same page, ensuring we're all heading in the same direction without any detours. The mission of this project was:


"We want to make it as easy as possible to login to the client portal, however with the amount of sensitive data it needs to be as secure as possible."


Here are some of the user stories we put together:

  • "I want a simple login process, be it through the original email link, the URL, or a saved bookmark."

  • "I want to use either my phone or computer without any caching problems."

  • "Even if I'm one among many directors on a limited company case, I want to be able to login into the case without a hitch."


Alongside my product manager, the CTO, and the engineers from my team, we assessed the current solution and its technical limitations. Based on feedback from our Mortgage Brokers, we identified that the majority of Client Portal users were not familiar with the 'magic link' login system in use. This led us to the decision that a more user-friendly, yet highly secure solution was required. Given the sensitive nature of data within the Client Portal, such as bank statements and credit reports, it was clear that a two-factor authentication system was necessary.


The following stage involved conducting user research to establish a benchmark based on the existing solution. The findings not only corroborated the feedback from brokers, but also highlighted additional issues. Here's what our research revealed:

  • The average rating of the login flow on a scale of 1 to 10 was 6.2. This indicates that while the login flow is usable, there are areas that could be improved.

  • About 50% of the users felt they received adequate instructions or guidance during the login process. Several of those who said 'no' specifically mentioned the magic link process as an area where they felt instructions were inadequate or unclear.

  • Some common points of frustration noted by the users were confusing or inconsistent error messages and a lack of clarity on how to set up two-factor authentication.



Next, I started designing the new login process. There were two routes - one for new users and one for people who'd already used the system. If it was a user's first time, they would be asked to create a password after going through two-factor authentication. But if they'd logged in before, they'd be asked to enter their password. I also got rid of the magic link, and instead had a code sent to the user by email or text.



Finally, we ran the user testing again but this time using the new flow. This time, the findings were as follows:

  • The average rating of the login flow on a scale of 1 to 10 has increased to 8.8. Users generally felt that the change to a code delivered via email or SMS was simpler and more intuitive than the magic link system.

  • About 90% of users now feel they receive adequate instructions or guidance during the login process. Users appreciated the straightforward instructions on how to use the received code for login.

  • Points of frustration were further reduced. The majority of users did not report any issues. The few who did primarily had issues with delays in receiving the code.

  • 95% of users feel their Client Portal account and the data within it is secure. The switch to the code-based system seemed to have increased confidence in the security of the login process.

If you compare the results to the previous benchmark, I’d think you’ll agree that the new solution was a success.

Whilst working at Acre, I had the opportunity to be part of the team that was responsible for redesigning the login flow for their client portal. Our main objective was to create a secure and seamless login experience that would instill confidence in users while maintaining ease of access. We recognised the importance of protecting sensitive data and aimed to design a solution that would meet the needs of both Acre and its clients.



Starting off, I laid out a clear problem statement and crafted user stories. This step is really crucial as it keeps the entire team on the same page, ensuring we're all heading in the same direction without any detours. The mission of this project was:


"We want to make it as easy as possible to login to the client portal, however with the amount of sensitive data it needs to be as secure as possible."


Here are some of the user stories we put together:

  • "I want a simple login process, be it through the original email link, the URL, or a saved bookmark."

  • "I want to use either my phone or computer without any caching problems."

  • "Even if I'm one among many directors on a limited company case, I want to be able to login into the case without a hitch."


Alongside my product manager, the CTO, and the engineers from my team, we assessed the current solution and its technical limitations. Based on feedback from our Mortgage Brokers, we identified that the majority of Client Portal users were not familiar with the 'magic link' login system in use. This led us to the decision that a more user-friendly, yet highly secure solution was required. Given the sensitive nature of data within the Client Portal, such as bank statements and credit reports, it was clear that a two-factor authentication system was necessary.


The following stage involved conducting user research to establish a benchmark based on the existing solution. The findings not only corroborated the feedback from brokers, but also highlighted additional issues. Here's what our research revealed:

  • The average rating of the login flow on a scale of 1 to 10 was 6.2. This indicates that while the login flow is usable, there are areas that could be improved.

  • About 50% of the users felt they received adequate instructions or guidance during the login process. Several of those who said 'no' specifically mentioned the magic link process as an area where they felt instructions were inadequate or unclear.

  • Some common points of frustration noted by the users were confusing or inconsistent error messages and a lack of clarity on how to set up two-factor authentication.



Next, I started designing the new login process. There were two routes - one for new users and one for people who'd already used the system. If it was a user's first time, they would be asked to create a password after going through two-factor authentication. But if they'd logged in before, they'd be asked to enter their password. I also got rid of the magic link, and instead had a code sent to the user by email or text.



Finally, we ran the user testing again but this time using the new flow. This time, the findings were as follows:

  • The average rating of the login flow on a scale of 1 to 10 has increased to 8.8. Users generally felt that the change to a code delivered via email or SMS was simpler and more intuitive than the magic link system.

  • About 90% of users now feel they receive adequate instructions or guidance during the login process. Users appreciated the straightforward instructions on how to use the received code for login.

  • Points of frustration were further reduced. The majority of users did not report any issues. The few who did primarily had issues with delays in receiving the code.

  • 95% of users feel their Client Portal account and the data within it is secure. The switch to the code-based system seemed to have increased confidence in the security of the login process.

If you compare the results to the previous benchmark, I’d think you’ll agree that the new solution was a success.

Product Design User Research User Testing

Product Design User Research User Testing

Product Design User Research User Testing

© Rhys Webber 2023

© Rhys Webber 2023