Epic: SM-39 - ONB: Get secure access to the application (Done)
User story: SM-1209 - Setup user key and password (Done)
User story: As a customer I want to set up my password so that I can securely access the application.
Role: Customer
Objective: The customer registers their phone number and password.
Reason: The customer wants to be able to log into the app.
Functional requirements:
Sign-up is only accessible to customers who have confirmed the following (this will be covered in different stories):
Privacy Policy
Terms and Conditions for the app
Chosen their Tone of voice
Customer is presented with RO screen describing the 4 steps of Onboarding, the first step is highlighted
Customer enters their phone number
Only PH mobile phone numbers are allowed
Mobile phone numbers are always 10 digits (three digits for the service provider, plus a seven-digit number)
Phone number has to be verified. SMS OTP is sent to the provided phone number, the customer types the OTP into the app.
OTP is a 6-digit numerical code; it is valid for 5 minutes, counted from the moment the SMS is sent to the customer
Customer has the option to initiate a resending of the SMS OTP. By doing so the following happens:
Currently valid OTP is set as expired
New OTP is generated and sent
Customer sets an alpha-numeric password, which:
is allowed to use digits and letters only (no special characters, e.g. !_...)
is at least 6 characters in length, with at least 2 alpha characters
is at least 6 characters in length, with at least 2 numeric characters
is allowed to be 8 characters as a maximum length
supports both lower and upper-case characters
is only a combination of digits and alpha characters
if it reaches the minimal requirements, the security meter shall turn yellow and the customer is allowed to continue to the next screen
when it is 8 characters long, the meter shall indicate maximum security
Customer repeats the entering of a valid password
Customer sees the password strength meter next to the input field and can adjust his password to achieve a stronger (green) password strength level.
A valid password is assessed for its strength, and based on the level of strength the customer will receive loyalty points (tokens) - OUT OF SCOPE FOR PoC
In case the device supports biometrics, the Customer is presented with a device biometry prompt in order to allow usage of this factor for authentication purposes
Customer who allows this is rewarded with loyalty points - OUT OF SCOPE FOR PoC
Finishing the above-mentioned steps triggers:
Customer can log out from the onboarding flow and login again using their password
Not finishing the above-mentioned steps will result in:
after 7 days the Prospect account will be invalidated so that the phone number can be again used in onboarding
all harvested data including device fingerprint (dvid) remain stored
In case of 3 negative attempts to enter a password, the Prospect account will be invalidated and the flow restarted.
Dependency on Consent https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=484%3A7300:
1. Customer entity in Prospect status will be created after obtaining consent from the Customer
2. Device fingerprint (dvid) is harvested after obtaining consent from the Customer
UI requirements: Simple and straightforward instructions for the Customer related to a phone number, and rules for password creation. A screen for device biometry needs to be created as it is missing.
Process flow: diagram depicting the logical flow of the user story (where applicable), possibly with sub-flows and their requirements
Execution steps: see above
Internal dependencies: TBD
External dependencies: OTP generator and SMS service integration for Customer service
Alternative scenarios:
The customer does not finish the Sign-up step
The customer uses a phone number that is already used
Acceptance criteria:
password is checked against the set rules
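One way to implement the password check and strength meter described in the functional requirements, as an added example that is not part of the original story or the project's code. The function names are hypothetical, and it assumes that "letters" means ASCII letters, that the "maximum security" level at 8 characters is the green level, and that a valid 7-character password stays yellow.

```python
import string

MIN_LEN, MAX_LEN = 6, 8        # length bounds stated in the requirements
MIN_LETTERS = MIN_DIGITS = 2   # "at least 2 alpha" / "at least 2 numeric"
# Assumption: "letters" means ASCII a-z/A-Z. str.isalnum() is avoided because
# it also accepts non-ASCII letters and digits.
LETTERS = frozenset(string.ascii_letters)
DIGITS = frozenset(string.digits)


def rule_errors(password: str) -> list[str]:
    """Return every violated rule; an empty list means the password is valid."""
    errors = []
    if any(ch not in LETTERS and ch not in DIGITS for ch in password):
        errors.append("only digits and letters are allowed")
    if len(password) < MIN_LEN:
        errors.append(f"at least {MIN_LEN} characters required")
    if len(password) > MAX_LEN:
        errors.append(f"at most {MAX_LEN} characters allowed")
    if sum(ch in LETTERS for ch in password) < MIN_LETTERS:
        errors.append(f"at least {MIN_LETTERS} letters required")
    if sum(ch in DIGITS for ch in password) < MIN_DIGITS:
        errors.append(f"at least {MIN_DIGITS} digits required")
    return errors


def strength_meter(password: str) -> str:
    """Meter colour: 'none' below the minimum, 'yellow' once valid, 'green' at 8."""
    if rule_errors(password):
        return "none"
    # Assumption: "maximum security" at 8 characters is the green level.
    return "green" if len(password) == MAX_LEN else "yellow"


def check_signup_password(password: str, repeat: str) -> tuple[bool, list[str]]:
    """Validate the password and its repeated entry (comparison is case-sensitive)."""
    errors = rule_errors(password)
    if password != repeat:
        errors.append("repeated password does not match")
    return (not errors, errors)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    for sample in ("abc123", "abcd1234", "abcde1", "ab12!x", "abcd12345"):
        print(sample, strength_meter(sample), rule_errors(sample))
```

The same rule list should be enforced on the server side as well as in the app, so that the acceptance criterion holds regardless of which client submits the password.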
Links to wireframes/UI: Figma: SaFi Wireframes / https://www.figma.com/file/dkDQHRa1zq7tU58MiL6hBR/SaFi---UI---MVP-(Shared)?node-id=79%3A4583
Attachments:
Sign-up diagram (application/vnd.jgraph.mxfile)
~Sign-up diagram.tmp (application/vnd.jgraph.mxfile)
Sign-up diagram.png (image/png)