February 06
Lance Peterman | IAM Architect, Merck

Why UX Matters or How Color (and other) Choices Can Ruin an Identity Experience for Users

I’m not writing this to shame a company, though I do plan to share this post with them in hopes that they can make some adjustments that will benefit customers in the future. As such, I’ll do my best to mask their identity as much as reasonably possible.

Before doing so, I want to back up a second. When I am attempting to convey to someone how critical digital identity is to their product or service, I start with this premise: the experience of managing a digital identity is often a user’s very first interaction with your product or service. If a login is required, it is usually the proverbial front door every time they use your service. Getting that right, consistently, is critical to your success.

Last week, I had an interesting UX lesson in how colors can influence user choices and, in this case, result in a horrible experience trying to manage an identity and account. To be clear, it wasn’t just colors that created the experience, but I’ll illuminate the additional issues below.

Due to an illness, I was trying to access my remote care service that lets me speak with a doctor for basic first aid or primary care. It is a terrific service for times when I have poison ivy (usually once a year) or an average ear infection (not yearly, but pretty common). It usually saves me a primary care visit, and I get a prescription called into my pharmacy pretty quickly. Some years, I talk to them more than I do my primary care physician. It is usually a huge time and money saver.

To expedite receiving a call, I have a profile set up through the provider’s website. I did this a few years ago. Last week, I tried to log in, but they had changed their website since I last visited. This is what I was presented with (pardon the masking, but I’m trying to be helpful, not critical):


Bear in mind, this particular case was urgent. So, time was of the essence. I quickly looked at the screen and couldn’t remember if I was considered a client or a member. The bright blue colored button is for members, but the bright blue section below it is for businesses trying to partner with them. That created some confusion, so I chose the white login button for the client login portal.

Using my 1Password shortcut, I attempted to log in. No luck: it said I had a bad username or password. My username is a little complex, so I tried a few more times for good measure. No joy. I thought maybe they force a password reset every so often, like after the website design change. I could have missed the notice, or it was dumped as spam. So, I initiated a password reset, and got this screen:

It seemed straightforward, so I input my username and email address. The system accepted my parameters and I got a reset link sent to my email address. I clicked on that link and saw this:

That was odd. Naturally, as a security geek, I immediately started wondering if I had a man-in-the-middle attack going on, so I attempted it again. Same result. Once more, no luck. At that point, I just dialed the 800 number to request a call. After a wait of about 40 minutes (unusual, given my previous experience), I got an attendant, and we navigated the process to get a doctor queued to call me.

Now, it may be blindingly obvious to some (clearly, not me) that I had gone to the wrong portal. I never thought to go back and attempt to use the member portal instead. At the time, I didn’t even think there were two separate portals. After talking with the service operator, she initiated a manual password reset for me and naturally told me to go to THIS page:

Aha! I’m masking this page some, but the rest of the screen makes it quite clear that this was enabled for customers of the service. Naturally, armed with my new password, I was able to log in and update my password and security question. So, I was on the wrong branch of the site flow the whole time. A single, understandable, but ultimately incorrect choice resulted in almost an hour of wasted time. Besides the lessons learned for yours truly, I think there are a few for the vendor.

First, proper error handling is one of the first key tests for an effective user experience. If I’m using a valid member portal user ID on the client portal, they could test the ID against the member portal and offer to redirect. That would have avoided this entirely.

Second, while I don’t know whether their identity stores are unified or linked, I was able to initiate a reset of my member password from the client portal. That’s bad. Had that failed, I might have at least suspected my ID was messed up and gone a different route. Again, checking that ID against the member portal may have saved a step here. Either way, accepting the member portal ID as valid and sending me a reset link to the client portal that then kicked back with an expired token reinforced the idea that I was in the right place but something was broken. This ultimately ties into lesson one regarding error handling.
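
One way to implement the error handling suggested in the two lessons above, as an added example that is not the vendor’s code or part of the original post: the reset request is checked against both identity stores, the token is bound to the account’s home portal, and redemption reports a wrong-portal token differently from an expired one. The store contents, host names and function names are hypothetical, and sending the portal hint by email rather than showing it on screen (so the form does not reveal which IDs exist) is a design choice of this example.

```python
import hashlib
import secrets
import time

# Constructed sample data: one identity store per portal (hypothetical).
STORES = {
    "member": {"lpatient": "lp@example.org"},
    "client": {"acme-hr": "hr@example.com"},
}
TOKEN_TTL = 900   # seconds a reset link stays valid
_tokens = {}      # sha256(token) -> (home_portal, username, expires_at)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(entry_portal, username, email, now=None):
    """Return (screen_message, outbox); outbox is a list of (to, body)."""
    now = time.time() if now is None else now
    outbox = []
    for portal, users in STORES.items():
        if users.get(username) != email:
            continue
        token = secrets.token_urlsafe(32)
        # Bind the token to the portal that owns the account, not the entry page.
        _tokens[_digest(token)] = (portal, username, now + TOKEN_TTL)
        hint = "" if portal == entry_portal else (
            f"Your account lives on the {portal} portal, not {entry_portal}. ")
        link = f"https://{portal}.example.test/reset?token={token}"
        outbox.append((email, hint + "Reset link: " + link))
        break
    # Same on-screen text for every input, so the form is not an ID oracle.
    return "If that account exists, a reset email is on its way.", outbox


def redeem(portal, token, now=None):
    """Report wrong-portal and expired as different outcomes."""
    now = time.time() if now is None else now
    record = _tokens.get(_digest(token))
    if record is None:
        return "invalid"
    home, username, expires_at = record
    if now > expires_at:
        del _tokens[_digest(token)]
        return "expired"
    if home != portal:
        return "wrong_portal:" + home   # not consumed; UI can redirect
    del _tokens[_digest(token)]         # single use
    return "ok:" + username
```
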

Next, they could reconsider the color choices on the main page. Perhaps align the member login color with the member solicitation screen and the client login with the client solicitation color. Consistent coloring can reinforce users’ choices when they are unsure.

Also, they could reconsider the use of ‘client’ vs. ‘member’. I realize that the website eventually clarifies, but what about the term ‘partner’? ‘Member’ vs. ‘partner’ is a pretty clear distinction. I don’t think this is critical, but it could be useful. I know ‘patient’ isn’t in vogue these days, but a patient portal likely would have landed me in the right spot.

Finally, some language on each portal page to assist the user if they selected the wrong portal might be beneficial. The client portal in particular is fairly sparse, though they did a good job with the member portal (if I had actually clicked on it).

In full disclosure, I have now also installed their mobile app, which has a significantly better user experience. If I were to guess, it is designed for members only. Therefore, the confusion I had with the dueling web portals couldn’t happen. It also has Touch ID/Face ID integration, so that’s even better. Aligning the UX of the mobile app with the website would be a nice next step to provide even greater consistency for the customer. They should also market their mobile app on the web page.

So, in reality, two or three hopefully minor changes could improve this vendor’s customer UX considerably. I was fortunate and persistent, so this ended well. But what if a user was put off by the wait time and the password reset problem and went to the ER or an urgent care center instead (since this happened on a Sunday)? That could have made a huge difference in cost and opportunity cost for whoever was behind me in line.

While this dealt with a more serious type of service experience, businesses undergoing digital transformation should consider hiring people who can look at these flows (better than I do, as I am not a UX expert) and give them proper guidance. Even if you are selling t-shirts or fidget spinners, helping your users navigate your service easily from an identity context can be the difference between a closed browser and a sale. Or even better, a repeat customer.

