Simplifying Patient Login by Rethinking SMS Authentication
Healthcare
Usability Testing
WebApp
Company
10X Health is a health and wellness company known for its genetic testing and personalized health programs. I was hired as the sole designer to help build core patient portal features as the company transitioned away from a white-label platform to a custom built experience.
Challenge
Redesign a mobile login flow suggested by developers to reduce friction and work within a backend that wasn’t designed for SMS authentication.
Result
Replaced a confusing, multi-step login flow with a simpler, more predictable SMS experience before launch, significantly reducing expected user friction and support burden.
Team
VP of Technology
Principal Architect
Product Manager
4x Developers
Skills
User Journey Optimization
UX & Interaction Design
UI Design
Systems & Data Analysis
Understanding the Problem Space
When the healthcare portal MVP initially launched, the only login option was for users to receive a one time passcode (OTP) sent to their email address. This required users (of whom 80% were mobile) to swap back and fourth between tabs and apps on their phone to login, creating friction, incorrect passcodes and at times a frustrating experience.
With a stable MVP of the portal, one of our first priorities was to improve this login experience by offering SMS text passcodes as an alternative, which can easily be copied and entered in. On the surface, this was a straightforward task - but our backend data required a creative solution.
Discovery
Beginning the discovery process, I was handed a flow by the VP of Technology and Principal Architect showing how users can login successfully and securely. This flow navigated our tricky backend successfully, but raised a red flags for users.
UX Risks & Data Issues
The login screen requested users to enter a phone number (not an email address). However users would receive an email after they enter in their phone number. This is an unexpected flow that would likely confuse users.
Many users did not have a phone number properly set-up to their account, so entering a phone number would lead to not finding an account.
Moreover, some email addresses were not always properly aligned with phone numbers, meaning a user could enter their phone number in successfully, but we would send an email for further verification to an incorrect email address.
Finally, users would need to verify themselves via email to set-up SMS text, which felt redundant.
Opportunity to Improve Data Validity
Because phone numbers in the backend were often inaccurate, outdated, or formatted inconsistently - this flow presented an opportunity to correct them. This data is of course critical to our care staff, customer support team and sales. Users should be able to review and edit their phone number within the flow.
Key Takeaway
The login experience was "functional" but would result in multiple poor UX flows, required many steps, and would likely add friction to a login experience.
Usability Testing
In order to validate or disprove the usability concerns and explore a redesign if necessary, I created a simple prototype of the proposed flow and ran five usability tests to surface the severity of the issues. Although we all had a hunch the initial flow was faulty, we needed to verify that to align the team towards a redesign. I suggested a usability test as a way to do this.
What We Saw
• All users confirmed the flow felt redundant
• All users felt the requirement to check email during “SMS login” created mismatched expectations
• 3/5 Users weren’t sure which step verified what
• 4/5 Users said they expected a “simple text code" and the login would be complete
These tests helped quantify and communicate the UX cost of launching the flow as-is, at best it would confuse users - and at worst it would result in frustration, support tickets and a cost heavy redesign.
Showing test results was essential for creating alignment across the team that we can not ship the current state flow.
A user encountering login struggles.
(Illustrated usability test of the login flow)
Core Problems
After presenting the findings to the team, we acknowledged that this flow needed a redesign. To start the redesign process, I gathered all of the core problems and constraints this flow faces.
• Our phone number data is problematic, and email is our only true account identifier. At some level, the user needs to be verified with their email.
• Using a phone number to login on the initial screencreates extra steps - if a user does not have a verified phone number with us, or our phone number or email data is bad, this will create extra steps and sometimes will need customer support intervention.
• Phone number data needed to be cleaned up, which can only be done by users themselves.
Phone numbers had many different formats in our system. Some had international codes, some had parentheses around an area code, and so on.
Redesign Needs
Rethinking the Approach (Going Wide)
I started exploring SMS OTP login flows for other companies, searching for answers. I found some companies that use email address only on their login screen - and follow up with an SMS text message.
This approach got us thinking solved a core problem we were facing:
If we can use an email instead of a phone number on the login screen, this will avoid problematic phone number data and any mismatched emails associated with them
Users can enter their email on the login screen, and their phone number can be corrected after login.
Next time they login, they can receive a text message.
This shift aligned with our system and significantly reduced friction.
Aha Moment #1 - Email First, SMS Second
Instead of validating phone numbers up front—which resulted in an email follow up—we allow users to authenticate with email, log in, and then confirm or update their phone number inside the portal.
Aha Moment #2 - One Progressive Step-by-Step Module
Users have a string of tasks they usually come to the portal to perform. We also need them to clean up their phone number data so our clinical team could contact them. This flow created an opportunity to solve multiple problems at once. Users may have a few simple tasks to complete when they login for the first time - like agreeing to terms, signing documents or taking a questionnaire. Placing these in a sequential flow would avoid multiple overlays hitting the user at once, asking them to complete a task.
This was a request to increase scope, but the value it brought received strong support from leadership and was allowed to be included in the feature.
Design Process
With a successful discovery process and alignment across the team - the new user flow was fairly straight forward. I took our new concept to an extensively reviewed design with sign-off by senior leadership.
The Process:
Create the new user flow, which should be much more straight forward
Early wireframes & gather stakeholder feedback
High fidelity wireframes & review by senior leadership
Polished design specifications
The new user flow shown at a high level. The system will check if the user has verified their phone number to receive SMS text passcodes, and check to see if they have required tasks to complete when they log into the portal.
Wireframe handoff of the new login flow with documentation.
All different possibilities of tasks for the step-by-step module. Many of the necessary tasks could be done within this overlay, simplifying and focusing the user on completing necessary tasks for their procedure(s).
Final Design Overview
The New Login Experience:
The login screen will ask for email only. Upon a successful login, all users will be asked to add or edit their phone number. The login screen will ask for email only.
Here is the fork in the flow that simplifies login:
Has a user added or edited their phone number?
If yes - send them a text message one time passcode to login.
If no - user logs in as normal with an email verification code, and is given an overlay asking them to add or edit their phone number.
Any remaining tasks (agreements, profile setup, etc.) appear in the unified progressive task module.
Key Improvements:
• Eliminates redundant verification steps.
• Avoids confusion caused by mismatched phone number data.
• Reduces cognitive load with one structured task module.
• Aligns with modern authentication patterns used by consumer products.
Creates a scalable “progressive task module” for new tasks in the future.
(The new login flow for a first time user)
Outcomes
This redesign prevented a higher-friction login experience from launching and replaced it with a much cleaner, predictable flow. This new flow was presented by the technology team to the company president and a board of senior members, who were pleased with the result (and that the phone numbers would be “cleaned” for our clinical & sales teams! 🙂).
Overall Impact
The final design significantly reduced expected user confusion and login friction
This resulted in an anticipated far fewer login-related tickets for customer support
The progressive task module focused and simplified user tasks and will scale with more clinical tasks in the future.
The 10X healthcare portal has hundreds of logins per day and there has been little to no customer support tickets due to login.