Cutting costs without cutting corners
My role: User Flows, Information Architecture, UI, Prototyping
Read time: ~6 minutes
Highlights
Rolled out a new login method aimed at optimising costs— game changer!
Results & insights
- ~50% adoption rate.
- ~67.5% usage rate for the next login attempt across Android, iOS, and Web.
- Bottom navigation still needs some tweaks to make everything smoother.
At Halodoc, many of our initiatives aim to hit those all-important EBIDTA targets. But some, like this one, are laser-focused on reducing existing expenditures.
Let’s face it—passwords can be a pain to remember. Thankfully, we dodged that hassle entirely. Logging into the app is as simple as getting a one-time password (OTP) via SMS or WhatsApp. Easy for the user? Absolutely. Easy on the budget? Not so much.
Those SMS and WhatsApp OTPs added up quickly, leaving us with a hefty bill 💰.
To tackle this, we teamed up with engineering and decided to introduce a shiny new login method: Passkeys. It’s a cutting-edge alternative to traditional passwords that’s gaining traction as the future of secure authentication.
With Passkeys, we could keep the login process seamless for users while significantly cutting down on those bloated OTP costs. Win-win!
Process
Quick mocks → Unmoderated usability testing → Release → Investigate → Iterate again.
Why this process? Well, “Passkey” isn’t exactly a household term just yet, and we wanted to dig into how users perceive and interact with it.
Phase 1/5: Quick Mocks
We started by introducing the concept of Passkeys in two key areas:
- For returning users logging in (since 65% of them request an OTP after their registration date).
- During logout, to subtly nudge users into exploring the feature.
We also built a dedicated setup flow in the settings page, giving users another entry point to get started with Passkeys.
☝️ On the web app, there was one key difference: users needed to enter their phone number first to use the Passkey feature. This ensured we could securely link the Passkey to their account while keeping things straightforward.
Phase 2/5: Unmoderated testing
We wanted to see how users would react to the feature at first glance—what they’d understand right away and what they’d pick up once more details were provided.
Our researcher suggested testing two variations of the copy: one using the term “Passkeys” and the other “Biometrics.” The hypothesis - users might resonate more with “Biometrics” since it’s a term they’re likely more familiar with.
While the screenshots here are in English, the entire flow was tested in Bahasa Indonesia to ensure it resonated with our target audience.
Testing insights
“Biometrics” > “Passkeys”
Users found the term “Biometrics” much clearer than “Passkeys”. Here’s some of the feedback we heard:
“What’s the difference between Passkey and Password?” ”I rarely hear this word (passkey), it sounds like a key for the screen. Can it be changed to another word that is more understandable?”
Positive First Impressions
About 70% of participants said they’d activate it right away, appreciating the added security benefits.
Discoverability Needs Work
While 83% found the copy on the setup page easy to understand, only 30% actually found the page. Clearly, there’s room to make it easier to spot.
Phase 3 & 4/5: First release & investigation
We couldn’t tackle the navigation issue right away since it was part of a broader redesign effort. So, we went ahead and rolled out the feature to all eligible users.
Fun fact: Passkey setup is only available on certain iOS and Android OS versions!
Some early reads
48.5% of users set up a Passkey.
57% of them used it to log in.
The rest still opted for SMS or WhatsApp OTPs—but hey, it’s a start!
With the first release out, we were left with two burning questions:
- Why didn’t some users set up a Passkey for future logins?
- For those who did set it up, why weren’t they using it to log in?
Time to dig deeper into user behavior!
Investigation highlights
Why didn’t some users set up a Passkey for future logins?
It seems that many users are just used to logging in with SMS/WhatsApp. Those who are already familiar with passkeys tend to use them, especially for tasks like consultations—where speed is key. But security concerns were a big factor for some as well.
For those who did set it up, why weren’t they using it to log in?
For users who had activated Passkeys but weren’t using them, there were a few reasons:
- Device capability and errors got in the way.
- Some had activated the Passkey on a different device, meaning they needed to set it up again.
- Others were just so used to logging in with their phone number that they stuck to what they knew.
Phase 5/5: Iteration
While the navigation fix had to wait for a larger update, we didn’t sit still! We made tweaks based on the testing insights, focusing on improving setup, ease of use, and security.
One major change was the layout—we made the information more scannable, so users could take it all in at a glance. Simple but effective!
We also revamped the web login modal to better guide users toward using the Passkey login method. With this nudge, we made it more obvious and easier for them to opt for the secure, streamlined login option.
Release 2
We pushed the web login changes first, mainly because it was the low-hanging fruit for boosting passkey usage (and, let’s be real, resource constraints were a factor too!).
The numbers
We saw a solid 11% increase in users opting to log in with their Passkey across all platforms, bringing the total to 68%.
After the web login update, the Passkey login rate on web nearly doubled, reaching an impressive 67% 🎉. A big win for ease of use and security!