Super detailed business logic process of login and registration

Login and registration are reflected differently in different products, because the pros and cons of many of its functional details cannot be generalized and should be considered based on specific scenarios.

This is an optimization of the login and registration process that I did during my internship. It mainly focuses on the business process diagram (Transaction Flow Diagram) of login and registration, including SMS verification code login, account and password login, third-party login, forgotten password, graphic verification code, etc., as well as some situations that need attention.

The main issues in business process diagrams are:

• Who (who), when (when), under what conditions (condition), what is input (input), what is output (output), where is the output flow (flow)...

The swimlane diagram I use for business process diagram representation can highlight the logical relationship between user operations, back-end systems, and front-end pages, as well as how they operate.

1. Mobile phone verification code login

Note:

1. The 11-digit mobile phone number can be displayed in the form of "344" (e.g.: 000 0000 0000);
2. The order of verification of mobile phone and verification code (whether the verification code has timed out, whether the verification code is correct, whether the mobile phone number has been registered, etc.);
3. Error feedback methods (toast, HUD, alert text, pop-up box);
4. After inputting errors, should the user click the delete key on the keyboard to delete them one by one? Or should a one-click delete icon be provided on the input box? Or should it be deleted automatically?
5. For pure numeric input such as mobile phone numbers and verification codes, the keyboard pop-up type is pre-set, and the pop-up time is set;
6. Is automatic verification required? (For example, when the entered mobile phone number is 11 digits, the SMS verification code is automatically obtained; when the entered verification code is 4 or 6 digits, the SMS verification code is automatically verified without the user clicking a button);
7. When the verification phone number is not registered, do I need to set a password? Can I skip setting a password? If not, do I need to set it when I log in again with the verification code?

2. Graphic verification code process

Note:

• In response to different business needs of different products, in order to prevent SMS verification codes from being swiped, a graphic verification process can be added before each click to obtain the SMS verification code;
• The form of the graphic verification code verification, is it in the page? Or in the form of a pop-up box? Because it needs to be considered that it can be reused in multiple scenarios;
• If it is a pop-up window, when the graphic verification code is entered incorrectly, would it be inappropriate to use toast or HUD to feedback the error?
• After a text prompt is used to indicate that a graphic verification code is entered incorrectly, is it possible to automatically clear the graphic verification code?

3. Login with account and password

Note:

1. Is the default login method to login with a mobile phone number verification code or an account and password? (It depends on the product and scenario: for example, when downloading for the first time, you can log in with a verification code. After the user actively logs out, the next time you log in, you can log in with your account and password);
2. How long do I have to wait before I need to log in again? (Can the phone number be automatically remembered when I log in again?) Or do I need to log in again every time I enter the product? (For example, I need to log in again every time I enter the ABC and BOC mobile apps, probably for security reasons);
3. The order of verification of mobile phone number and password (whether the mobile phone number format is correct, whether the mobile phone number has been registered, whether the mobile phone number and password match, etc.);
4. Regarding the second confirmation of password input, when I was doing internship, my mentor told me when to use "re-enter password", when to use "password visibility switch", and in what scenarios the password visibility switch is visible by default and in what scenarios it is invisible by default. (Because I don't want to limit these to a rule, everyone can think about it according to their own products);
5. If the system determines that the mobile phone number is not registered, does it directly feedback to the user that the mobile phone number is not registered? Or does it feedback that the mobile phone number or password is wrong? Or does it guide the user to enter the registration process or verification code login process? (Of course, it depends on the scenario: if some products directly feedback that the mobile phone number is not registered, it is easy to leak privacy, and which mobile phone numbers have been registered with the product can be easily known by others)

4. Third-party login

Note:

• The most common point to consider when logging in with a third party is whether you still need to bind your phone number, or whether you can skip it; (Look at the product: Jianshu is also a product that bothers me. I log in with my phone number, WeChat, and Weibo, which are three different accounts, and they cannot be merged together)
• For example, for apps like Meituan Taxi that require a mobile phone number verification code, you need to bind your mobile phone number when logging in with a third party; some products that want to create a lighter experience for users do not require binding a mobile phone number.

5. Forgot Password Process

Note:

• When entering a new password, you need to consider whether the password format meets the requirements, as well as how to clearly indicate it to the user and provide feedback to the user;
• Can the old and new passwords be the same? (For example, when retrieving the password for Adobe Creative Cloud, the new password cannot be exactly the same as the old password);
• After retrieving the password, which process do you enter? Do you go directly to the homepage? Or do you go to the account and password login page? Do you need to automatically enter the account and password you just retrieved?
• Some products may use email to retrieve passwords, but depending on the scenario, do everyone have emails, and can the mobile terminal receive emails at any time?

Summarize

Back to the beginning, the pros and cons of many functional details in the login and registration cannot be generalized, but should be considered based on specific scenarios.

In my previous two internships, both of my mentors told me that the login and registration logic is one of the several complex scenario logics (in addition to the shopping cart logic, return and exchange logic, etc.).

The above is my summary of the business logic of login and registration and some cases that need attention. It also helps me sort out my recent chaotic thoughts. I hope that people with different ideas can communicate with me.

One sentence that left a deep impression on me was: When doing any analysis, don't stick to the surface, think about the logic and deep reasons behind it. You don't need to get an exact answer, the process of thinking itself is a kind of gain.