Thousands of customers forget their password everyday. Some of these customers are victims of phishing scams, some pay for premium services, but they all want to regain access to their account.

The Attorneys General of several US states contacted Yahoo! with a concern that Yahoo! customers who pay for a recurring service and forget their password may be unable to regain access to their account. On the surface of it all, this is largely due to a user being unable to provide accurate proofing information during the account recovery process. The solution proposed by our legal and Product Management teams was to add a credit card verification flow to the existing Account Recovery system.

Working with a User Researcher to gain a better understanding of painpoints in the current system, we quickly identified two bugs that directly impacted a user's ability to recover their password. While fixing the bugs increased the overall password recovery rate, fundamental issues regarding user expectations remained unsolved.

To address these concerns I spearheaded a cross-functional team of Product Managers, Engineers, Security Analysts and Designers to create an account recovery system that is simple to use but difficult to hack.

The new design leverages cookie and IP information to help differentiate legitimate users from hackers. Users are seamlessly offered multiple ways to validate their identity through a cascading system – if one recovery method yields an error, the system presents the user with an alternate.

The redesigned Account Recovery System is currently being deployed in a staggered fashion and should be available to all users by February 2008.

"Smart Fields" - May 2007 (Applied)
One of the required bits of information needed to create a Yahoo! account or recover one's password is a birthday. Instead of using three form fields to capture the information (month, day, and year), I wanted to use a single field and allow a user to type the date instead. My motivation came from observing user studies and noting that a large number of people used a mouse to select items from a menu and in turn place focus on the next field, and then reverted to using a keyboard and tabbing between text fields. This switching of input modes created a large ineficiency for data entry and can negatively affect successful task completion if a form is seen as too cumbersome to use.

The patent application I filed details a method for normalizing and interpreting user input in a range of contexts. This allows a user to type a date in virtually any conceivable format. The concept is easily adapted to other sorts of structured data, like credit card numbers and UPC codes.

Though not currently used in Membership products, this concept has been applied to credit card, date, and other structured data fields throughout the Yahoo! network.