MinhaSenha (ES: MiContraseña, EN: MyPwd) is a service for users to check for leaked passwords. It has a database and performs a search based on e-mail addresses

If the user agrees to register their e-mail address, they will also be notified in the event of a new data leak involving them. The alert is sent by e-mail, along with part of the password and some security suggestions.

For Axur, the site acts as a first contact with potential users: the company offers a similar monitoring service for corporate clients (Hashcast), and registering on the database (with the user's consent) gives it the chance to contact companies that may have many leaks associated with their corporate email

I started working on MinhaSenha in June 2020, shortly after I actually started working at Axur.

Data that we knew from Hotjar:

Site access, by device type, was divided into:

The conversion funnel was 20% - in other words, 1 in 5 users completed the registration.

Observing recordings of users interacting with the platform, we ended up noticing some issues:

The site also had some visual issues: the layout wasn't outdated per se, but it worked better on desktop than on mobile devices, and in general, its visual elements followed the style of Axur's old website.

So, after a few conversations with my design leader, we came up with some objectives:

Improve the experience of the verification process, and if possible, remove unnecessary bottlenecks;

Improve the writing of emails, and try to make the recommendations for users with leaked passwords more objective;

Increase the conversion rate of the registration funnel - we haven't set a specific figure, but ideally between 30% and 40%;

Update MinhaSenha’s layout, keeping the color pallete, but changing other parts of the interface to be more in line with Axur's current visual identity.

As mentioned earlier, MinhaSenha's contact begins with the user's query and ends with the user registering to receive notifications of new leaks. However, this contact is divided into two flows, verification and conversion, shown below.

Analyzing the whole process, it was possible to find some points that caught our attention:

It mandatory that the user has to accept some terms regarding our use of their e-mail address., since we are saving it in the process. The problem is that the terms acceptance screen and the monitoring registration screen are not clearly distinguished, which can cause doubt for the user;

The content of the final screen, with the result of the leaked password, was distributed in a less than optimal way: the text with the instructions wasn’t objective in terms of what the user should do next, and the extra field on the screen, proposing the corporate email test, made the process more confusing;

The content of the monitoring screen also didn't make it clear what the user would get by registering their address, which in this case would be active monitoring, and in the event of a leak, the leaked passwords.

Based on these points, in conversations with the Product Manager, we discussed how we could raise all the relevant points to update our experience. We came up with the idea of a usability test: with a script, ask a few users to complete our two flows, verification and conversion, and checkif they were able to reach the end of the flow, as well as checking if our hypotheses were confirmed.

Based on this, we put together a script with the following activities:

Search for "Minha" in the browser of your choice. Click on the link they think is the site. We didn't indicate the link directly, because we wanted to know if the user could find the correct site from the search. (This was also an opportunity to see if the SEO used was performing as expected)

Asking the user what they thought they needed to do, based on the instructions shown on the site.

Ask the user to enter their e-mail address and check for leaks. We leave it up to the user to accept or not to sign up to be notified of future leaks.

After the result, ask the user if they have understood the result, and what they need to do next.

If the user has agreed to register, ask them to follow the instructions and check their e-mail box.

Ask the user if they have understood the instructions in the email.

Ask the user if they have a corporate e-mail, and if they understand what a corporate e-mail is.

Once the script had been put together, the challenge was to understand how to carry out the tests. To provide a bit of context, the tests were carried out between the end of August and mid-September 2020, i.e. during the COVID pandemic. It was necessary to understand how it would be possible to record users' screens, along with their reactions, remotely (via calls).

It wasn't necessary to search for users of a particular type - since MS caters for users of all profiles - and so we were able to carry out the test with our close contacts. With the help of my PM, we were able to split up to carry out the test, mostly remotely, and when possible, locally.

In total, we conducted 20 tests: 10 with users on mobile devices, and 10 with desktops.

With the tests carried out, we validated some of our hypotheses:

The acceptance form and the option to register (to warn of future leaks) left users confused: most didn't understand why there were two steps, and how each was different.

On the verification result screen, some users reported not knowing what to do next - the instructions were unclear.

In addition to these issues, we discovered a few more problems:

Some users reported a lack of confidence in entering their e-mail address. One user reported this insecurity, and we started asking questions in the following tests, and in general, the answer given was that it didn't seem safe.

On mobile devices, the site wasn't adjusting correctly as the user began to type something. The user would, for example, click on the search field to type in their e-mail address, but there was no automatic scroll for that field to be in focus on the screen. Some users then had to scroll manually to bring that field into focus.

Based on the results, we began to tinker with the flow and distribution of the content on the screens. In conversation with my design leader, she came up with the proposal that the user's first view should be friendlier and more inviting for them to type in their e-mail address. The first inspiration was google search: how it behaves on mobile and desktop, and what we could use from it for our layout.

Based on this, we decided to copy the way their search field works, especially on mobile, with the search content suggestions being able to be replaced by suggestions from email providers.

We also worked on the home screen to bring more confidence to the user, and with this, to associate the MinhaSenha brand more strongly with the Axur brand, a reference in the specialized Brazilian digital security market. The result can be seen below:

The user's first view, then, can be divided between a call-to-action about Minha Senha, the more inviting search bar, and some cards that can provide information about articles where Axur and MinhaSenha are mentioned, or explanations about leaks and the site's security.

Regarding the general experience, we ended up reducing the amount of information shown on the screen. The goal was to make some things clear:

Reduce the number of acceptance terms and registrations by condensing them into a single step;

Make it clearer to the user whether or not they had leaks to the e-mail address used;

What was the next action the user should take.

And regarding the user interface, we mostly changed the font and styles used for titles, text and buttons. The aim was to keep the original color palette, but make the site more similar to other Axur products.

With the redesign of the site done, we ended up carrying out another round of usability testing, inviting 10 participants from the first round again. 7 agreed to carry out the test, which was done with a prototype.

The script followed a similar structure to the first round:

Asking the user what they thought they needed to do, based on the instructions shown on the site.

Ask the user to imagine that they are taking the test with their own e-mail address, and where they would click to proceed, and follow the process.

After the result, ask the user if they have understood the result, and what they need to do next.

If the user has agreed to register, ask them to follow the instructions and check their e-mail box.

Ask the user if they have understood the instructions in the email.

We simulated opening the e-mail in a message box inside the prototype, in order to collect information about the e-mail also being used. With this new round, we had new results:

All the users managed to complete the steps without any intervention on our part.

Some users asked if the link from the globo website, which appeared on the card on the home screen, was real (and yes, it is), which may have helped with the security issue.

Some users reported not understanding what was happening with the share button: one user even asked if it would share the leaked password.

I started working on MinhaSenha in the last week of June 2020, and we started testing at the end of August 2020. At the end of September, we closed the final version, and handed it over to the developer to make the changes to the site, finalizing it in the last week of October. The final version can be viewed online, or via the images below.

Let's get back to our initial objectives:

Improve the experience of the verification process, and if possible, remove unnecessary bottlenecks;

Improve the writing of emails, and try to make the recommendations for users with leaked passwords more objective;

Increase the conversion rate of the registration funnel - we haven't set a specific figure, but ideally between 30% and 40%;

Update MinhaSenha’s layout, keeping the color pallete, but changing other parts of the interface to be more in line with Axur's current visual identity.

With the delivery of the updated experience, we also modified the layout, covering points 1 and 4. Point 2, regarding the e-mails, has had a small change, but we can also consider it completed.

On point 3, the conversion of the registration funnel, we can see the follow-up data between August/2020 and January/2021.

Our initial goal was to increase the conversion rate, which was around 15% to 20%. As of November 2020, we recorded a conversion rate of between 25% and 30%, remaining in this range.

We managed to increase conversion by between 5% and 10%, but we didn't come close to the figure expected by the company's board of 40% conversion. After this process, we ended up doing some more tests, this time focused on bringing in the customer with corporate email, and offering Axur's paid solution, Hashcast, under the better-known name of MinhaSenha, but in the discovery process we ended up discarding this idea, as it demanded too much effort and we couldn't measure an acceptable result.