Epic: SM-39 - ONB: Get secure access to the application Done
User story: SM-1209 - Setup user key and password Done

User story: As a customer I want to set up my password so that I can securely access the application.

Role: Customer

Objective: The customer registers their phone number and password.

Reason: The customer wants to be able to log into the app.

Functional requirements:

  • Sign-up is accessible only to customers who have confirmed the following (this will be covered in different stories):

    • Privacy Policy

    • Terms and Conditions for the app

    • Chosen their Tone of voice

  • Customer is presented with RO screen describing the 4 steps of Onboarding, the first step is highlighted

  • Customer enters their phone number

    • Only PH mobile phone numbers are allowed

    • Mobile phone numbers are always 10 digits (three digits for the service provider, plus a seven-digit number)

  • Phone number has to be verified. SMS OTP is sent to the provided phone number, the customer types the OTP into the app.

    • OTP is a 6-digit numerical code; it is valid for 5 minutes, counted from the moment the SMS is sent to the customer

    • Customer has the option to initiate a resending of the SMS OTP. By doing so the following happens:

      • Currently valid OTP is set as expired

      • New OTP is generated and sent

  • Customer sets an alpha-numeric password, which:

    • is allowed to use digits and letters only (no special characters, e.g. !_...)

    • is at least 6 characters in length, with at least 2 alpha characters

    • is at least 6 characters in length, with at least 2 numeric characters

    • is allowed to be 8 characters as a maximum length

    • supports both lower and upper-case characters

    • is only a combination of digits and alpha characters

    • if it meets the minimal requirements, the security meter shall turn yellow and the customer is allowed to continue to the next screen

    • when it is 8 characters long, the meter shall indicate maximum security

  • Customer repeats the entering of a valid password

  • Customer sees the password strength meter next to the input field and can adjust their password to achieve a stronger (green) password strength level.

  • A valid password is assessed for its strength, and based on the level of strength the customer will receive loyalty points (tokens) - OUT OF SCOPE FOR PoC

  • In case the device supports biometrics, the Customer is presented with a device biometry prompt in order to allow usage of this factor for authentication purposes

    • Customer who allows this is rewarded with loyalty points - OUT OF SCOPE FOR PoC

  • Finishing the above-mentioned steps triggers:

    • Customer can log out from the onboarding flow and login again using their password

  • Not finishing the above-mentioned steps will result in:

    • after 7 days the Prospect account will be invalidated so that the phone number can be used again in onboarding

    • all harvested data including device fingerprint (dvid) remain stored

  • After 3 failed attempts to enter a password, the Prospect account will be invalidated and the flow restarted.
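
The password rules and meter behaviour listed above, written as a server-side check; this is an added example, not part of the original story or the project's code. The function names, the "red" level for an invalid password, mapping "maximum security" to green, and treating letters and digits as ASCII-only are assumptions.

```python
import string

# Assumption: "letters" and "digits" mean ASCII only. str.isalpha()/isdigit()
# would also accept Unicode letters and digits, which the rules do not mention.
LETTERS = frozenset(string.ascii_letters)
DIGITS = frozenset(string.digits)
ALLOWED = LETTERS | DIGITS
MIN_LEN, MAX_LEN = 6, 8          # length bounds from the requirements
MIN_LETTERS = MIN_DIGITS = 2     # "at least 2 alpha" / "at least 2 numeric"


def password_violations(password: str) -> list[str]:
    """Return the rules the password breaks (empty list means valid)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 6 characters")
    if len(password) > MAX_LEN:
        problems.append("longer than 8 characters")
    if any(ch not in ALLOWED for ch in password):
        problems.append("contains characters other than letters and digits")
    if sum(ch in LETTERS for ch in password) < MIN_LETTERS:
        problems.append("fewer than 2 letters")
    if sum(ch in DIGITS for ch in password) < MIN_DIGITS:
        problems.append("fewer than 2 digits")
    return problems


def meter_level(password: str) -> str:
    """Map a password to a meter colour.

    Assumptions: "red" for an invalid password, and "green" for the
    maximum-security level reached at 8 characters.
    """
    if password_violations(password):
        return "red"
    return "green" if len(password) == MAX_LEN else "yellow"


def passwords_accepted(password: str, repeated: str) -> bool:
    """Check for the 'repeat the password' step: valid and identical."""
    return not password_violations(password) and password == repeated


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for sample in ["ab12cd", "ab12cd34", "abc123!", "abcdef1", "ab\uff11\uff12cd"]:
        print(f"{sample!r:14} {meter_level(sample):7} {password_violations(sample)}")
```

Running the same check on the backend as well as in the app keeps the acceptance criterion from depending on client-side validation alone.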

Dependency on Consent https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=484%3A7300:

1. Customer entity in Prospect status will be created after obtaining consent from the Customer

2. Device fingerprint (dvid) is harvested after obtaining consent from the Customer

UI requirements: Simple and straightforward instructions for the Customer related to a phone number, and rules for password creation. A screen for device biometry needs to be created as it is missing.

Process flow: diagram depicting the logical flow of the user story (where applicable), possibly with
sub-flow and their requirements

Execution steps: see above

Internal dependencies: TBD

External dependencies: OTP generator and SMS service integration for Customer service

Alternative scenarios:

  1. The customer does not finish the Sign-up step

  2. The customer uses a phone number that is already used

Acceptance criteria:

  • password is checked against the set rules

Links to wireframes/UI: Figma: SaFi Wireframes / https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=79%3A4583

Attachments:

Sign-up diagram.png (image/png)
Sign-up diagram (application/vnd.jgraph.mxfile)