Where journeys actually fail
Registration, not login, is where account access breaks down. People abandon on the fields they hesitate over, like date of birth and postcode.
This case study covers registration, login and passwordless one-time links for the MyAccount experience of one of the UK's biggest insurers, plus the redesign work I did on those journeys beyond what shipped.
Project frame: One of the UK's biggest insurers: registration, login and passwordless access for MyAccount
Matching new users to an existing policy on sensitive fields, with validation that prevents errors before they happen.
One-time, time-boxed links so people get in without a password to forget or reset.
Compliance and data-use needs built into the flow from the first draft, not bolted on at review.
Each field shipped as a small state machine, with accessibility structural rather than a final-pass audit.

Account access is the front door to everything a customer can self-serve, yet it is where regulated journeys quietly lose people. New customers must be matched to an existing policy using sensitive details, and a single unclear error or forgotten password sends them to a call centre instead of their account.
Forgotten passwords are a leading driver of account-access support contact, which made passwordless more than a convenience.
As an FCA-regulated journey, wording, consent and data use had to be right, so I partnered with compliance from the first draft.
Patterns had to hold up across brands and themes, so they were designed against the design system rather than as one-offs.
At one of the UK's biggest insurers I worked on MyAccount, the place customers go to manage their car, van and home cover. My focus was the way in: registration, login and passwordless one-time links, with a hand in the account home itself. Account access sounds simple. In a regulated business it is one of the highest-stakes flows there is, because the alternative to a smooth login is an expensive phone call.

Everyone talks about login, but registration is where account journeys actually break. A new customer is not creating an account from nothing; they are being matched to a policy that already exists, using details like surname, date of birth and postcode. Get the matching wrong and they are locked out of their own cover. So the flow keeps each step small: confirm your email first, then the details we use to find you.

The details step is where care matters most. Date of birth and postcode are the fields people fumble, and a vague error is enough to make someone give up. The flow validates each field and speaks plainly when something is off.

Once details check out, we confirm rather than leave people wondering.

The strongest lever on account access is not a better password field; it is removing the password. The experience offers a one-time login link alongside the classic email and password, and mirrors it with password reset, so nobody hits a dead end on a small screen.

The one-time link email itself is part of the design. It has to be reassuring, unmistakably from us, and safe by default.

I also had a hand in the account home. The goal is instant reassurance: what is covered, and what to do next. Everything else is secondary to that first glance.

The screens above are what went live. A good deal of my work ran ahead of them. This is the registration flow rebuilt around one idea: reduce the moments where a real person hesitates.

None of that is decoration. Each change maps to a specific place people stall.

Regulated journeys are won or lost in the states most designs skip. I treated each input as a small state machine and specified the edges, then made accessibility structural rather than a final-pass audit.

The live product treats one-time links as a secondary option. I explored making them the default, so the safest way in is also the first one people see, with the password kept a single tap away for anyone who wants it.

Because this is account access, the numbers that matter are completion of registration, error rates on the fields people fumble, the share of logins that go passwordless, and the volume of forgotten-password support contacts. I designed the flows so those are the things that move, and worked with product, engineering and compliance so the wording and consent were right long before launch.
The shipped work gave customers cleaner registration, login and passwordless access to MyAccount. The patterns I designed on top (progressive registration, positive validation, full state and accessibility coverage, and a passwordless-first login) show where I took the journeys next.
Details are under NDA, shown here as outcomes and ratings without confidential specifics.