Challenge

User session recordings showed many failed login attempts and users unsure where to go next. This produced a steady stream of support tickets that were costly to resolve and that a well-designed modern sign-in flow would not generate.

I audited every system that required a user password and found a range of technical architectures, each with its own version of the password requirements. This inconsistency made it difficult for customers to remember their credentials when moving between systems and platforms.

Research shows that users will always do what makes their lives easiest, even if they know that their behavior compromises password security. So if you create the kind of user experience that uses this tendency to encourage safe behavior, it helps you both keep their data secure.

NIST guidelines 2021

My approach

Working with the team's digital director, I introduced the concept of a unified account so that customers could sign in with the same credentials across all digital touchpoints. To balance security and usability, I defined an updated common password policy and fine-tuned the visual feedback shown during account creation and password reset.

It was important to drop the complex composition requirements, since the goal was usability and speed of access. It was equally important to encourage users to take responsibility for their own account security by guiding them towards a stronger password. To support users when creating a new password, I introduced a visual strength indicator whose logic was based on length and the combination of characters used. A meter of this kind is feedback, not a rule: it nudges users towards longer, less predictable passwords without rejecting their input.

Over-complicated password rules meant customers were frequently locked out of their accounts with no easy way to restore access themselves. I introduced a set of reasonable password rules and designed a new interface and interaction flow for account access.

Issues identified in the previous password form

  1. Feedback displayed immediately after the first character was entered.
  2. Feedback messages were unclear or difficult to understand.
  3. Users were overwhelmed and slowed by a long list of password rules.
  4. Submit button was always active, leading to unnecessary error messages.

The previous Create Password form was complex.

Research into best practices

NIST's Digital Identity Guidelines (SP 800-63B) were central to the redesign of both the UI and the password policy itself.


Communicating the changes to the business

To ensure successful implementation, I authored a report outlining the problems, research, and recommendations for required changes to the password policy.


Outcome

Subsequent customer interviews and screen recordings showed that the unified account and the new password policy made it significantly easier for customers to resolve access problems themselves and get into their account.

The policy was rolled out to all user accounts. Support tickets raised during the authentication process fell significantly, saving customers time and effort and reducing cost for internal teams.


Simpler, More Flexible Rules

By removing mandatory composition rules (for example, requiring four character types), the new policy reduces friction and supports longer, more memorable passphrases. Composition rules add little real strength in practice, because users satisfy them with predictable substitutions such as a capital first letter or a trailing digit, so length and guidance do more for security than forced complexity.

Aligned with Modern Security Standards

The revised policy follows NIST SP 800-63B recommendations, which support both security and usability: a minimum length in place of composition rules, acceptance of long passwords and of spaces within them, and feedback to the user rather than rejection of their input.

Improved UX and User Guidance

A password strength indicator and plain-language helper text guide users to create strong passwords voluntarily, rather than through enforced complexity. This empowers users and reduces frustration.

Better Accessibility and Inclusivity

The new form supports accessible design (for example, screen-reader-friendly messages and an option to show the password while typing) and avoids showing errors before the user has finished typing, creating a more inclusive experience for all users.
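As an added illustration, and not code from the project described in this case study, the JavaScript below shows how the policy, the strength indicator and the form feedback described above fit together: a length-and-blocklist check in place of composition rules, a strength estimate from length and the variety of characters used (with repeated characters discounted), and form state that withholds error messages until the user leaves the field and enables the submit button only once the policy passes. The blocklist is a small constructed stand-in for a breached-password list, and the repeated-character rule follows the blocklist contents NIST SP 800-63B suggests; neither is described on this page. The bit thresholds for the meter labels are illustrative choices, not NIST values.

```javascript
// Added example: NIST SP 800-63B-style password check plus strength meter
// and Create Password form state. Not the case study's production code.

const POLICY = {
  minLength: 8,  // SP 800-63B: user-chosen secrets must be at least 8 characters
  maxLength: 64, // SP 800-63B: verifiers must accept at least 64 characters
};

// Constructed stand-in for a breached/common-password blocklist (hypothetical).
// A real deployment checks a large corpus such as a Pwned Passwords feed.
const BLOCKLIST = new Set([
  "password", "password1", "12345678", "qwertyuiop", "letmein", "iloveyou",
]);

// Character classes feed the strength estimate only; they are never rules.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // space, punctuation and non-ASCII text
];

// Normalise (SP 800-63B recommends NFKC) so the same visible text compares
// equal however it was typed, and count code points rather than UTF-16 units.
const normalize = (pw) => pw.normalize("NFKC");
const chars = (pw) => Array.from(normalize(pw));

// Policy check: length bounds, blocklist, context words, repetition.
// No composition rules, so "correct horse battery staple" passes.
function validatePassword(pw, { username = "" } = {}) {
  const n = normalize(pw);
  const cs = chars(pw);
  const errors = [];
  if (cs.length < POLICY.minLength) {
    errors.push(`Use at least ${POLICY.minLength} characters. Spaces are fine.`);
  }
  if (cs.length > POLICY.maxLength) {
    errors.push(`Use at most ${POLICY.maxLength} characters.`);
  }
  if (BLOCKLIST.has(n.toLowerCase())) {
    errors.push("That password is too common. Try a phrase only you would think of.");
  }
  if (username && n.toLowerCase().includes(username.toLowerCase())) {
    errors.push("Avoid using your username in your password.");
  }
  if (cs.length > 0 && new Set(cs).size <= 2) {
    errors.push("Avoid repeating the same character.");
  }
  return { valid: errors.length === 0, errors };
}

// Strength estimate from length and the classes actually present, with
// repeated characters counted at half weight. It guides the meter only;
// the blocklist is what actually stops "password1".
function estimateStrength(pw) {
  const n = normalize(pw);
  const cs = Array.from(n);
  if (cs.length === 0) return { bits: 0, label: "Weak" };
  const pool = CLASSES.reduce((sum, c) => sum + (c.re.test(n) ? c.size : 0), 0);
  const unique = new Set(cs).size;
  const effectiveLength = unique + (cs.length - unique) * 0.5;
  const bits = effectiveLength * Math.log2(pool);
  const label = bits >= 80 ? "Strong" : bits >= 60 ? "Good" : bits >= 40 ? "Fair" : "Weak";
  return { bits: Math.round(bits), label };
}

// What the form should render. Errors appear only after the user leaves
// the field, never after the first keystroke; submit is enabled only when
// the policy passes; an invalid entry never reads as strong on the meter.
function formState(pw, { blurred = false, username = "" } = {}) {
  const result = validatePassword(pw, { username });
  const strength = estimateStrength(pw);
  return {
    submitEnabled: result.valid,
    showErrors: blurred && !result.valid,
    errors: blurred ? result.errors : [],
    meter: result.valid ? strength.label : "Weak",
  };
}

// Constructed sample inputs showing the behaviour.
for (const pw of ["Tr0ub4dor&3", "correct horse battery staple", "password1", "kettle12"]) {
  console.log(JSON.stringify(pw), formState(pw, { blurred: true }));
}
```

Note the two deliberate splits: "kettle12" passes the policy but reads as Weak on the meter (feedback, not a rule), while "password1" would score Fair on variety alone yet is rejected by the blocklist and forced to Weak, which is why a meter should never be the only control.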

Reduced Support Burden

With fewer lockouts and easier password creation, users are more likely to succeed on their own — leading to a drop in support tickets and a smoother login experience overall.