Making AGL login easier and more secure for customers


Services

Product Strategy & Innovation
UX + UI Design
UX Research
Team Augmentation
Design Ops

Company size

3000+ employees

Overview

Australia’s oldest energy company services around 4.3 million residential and business accounts. Exo Digital was engaged to provide UX consultancy to the AGL Digital Identity team responsible for providing login and authentication functionality, and management of customer personal data, across all of AGL’s digital platforms.

Exo Digital embedded a consultant within AGL for a year to work closely with Identity team stakeholders, provide UX leadership within the space and to work across various initiatives focused on bringing new features to users.

Exo Digital provided consultancy in the technology space responsible for login security across AGL’s digital platforms.

  • >1.3M unique users with digital accounts*
  • >4.8M authenticated visits per month^
  • >10 digital authenticated platforms
  • Various user types, security categories and edge cases to consider

*June 2024 My Account & native mobile apps = 1.291M. ^June 2024 My Account logins + native mobile app visits. Actual audience also includes enterprise users and is higher.

Our solutions

  • Minimising login friction

    Login is the first step in any authenticated experience so it needs to be easy so as not to frustrate customers or discourage engagement with digital platforms. Minimising login friction was a key UX goal for Identity feature initiatives.

  • Improving user security

    Maintaining security is paramount. Failure to do so can have dire consequences for users and cause huge reputational damage to a brand, as well as legal and financial consequences. It was important that any attempts to reduce login friction didn’t significantly reduce security.

  • Increasing feature speed to market

    AGL utilised a mixture of custom login implementations and those provided by the Auth0 platform. To be able to quickly and reliably adopt new Auth0 features, custom implementations would need to be removed in some areas - a challenge in itself and front-of-mind when designing solutions.

  • Regulatory compliance

    As an internet and mobile service provider, AGL has to ensure compliance with stringent government-imposed security regulations designed to protect telco service customers. Our work would often involve collaboration or negotiation with AGL’s legal team.


Security uplift initiatives

Multi-Factor Authentication

Protecting users with an extra layer of security

Multi-Factor Authentication (MFA) is a security feature in which more than one method is used to authenticate a user. Password is followed by a One Time Code (OTC) sent via SMS or email. This feature would be mandatory for users deemed at higher risk, whilst being an optional setting for others.

MFA now protects certain AGL customer types every time they log in.

Adaptive Multi-Factor Authentication

Protecting users when login seems unusual

Even for users not opted-in for MFA, a higher level of login security might be justified in certain scenarios. Adaptive Multi-Factor Authentication (AMFA) is a feature where MFA is automatically triggered when a login attempt seems unusual - for example when it is from a new device or unexpected location.

AMFA protected AGL customers 2600 times in June 2024.

Credential Guard

Proactive protection from data breaches

Credential Guard is a proactive security feature in which the Dark Web is periodically scanned for username/password combinations that have been compromised in a security breach. If the same combination was in use for an AGL account, the user would be alerted to take action to protect their account.

Credential Guard protected AGL customers 2700 times in June 2024.

Consumer Data Right

Consumer Data Right (CDR) is a government requirement intended to give consumers more control over their data, enabling them to share it with accredited third parties such as comparison websites.

Design

Design of AGL’s CDR implementation was undertaken in a number of phases by Exo consultants. Starting with a white-label product, Exo consultants designed significant UX customisations to improve the usability of the base product. A UI re-skin was also undertaken to promote user confidence.

Regulatory compliance

Achieving CDR compliance by understanding and adhering to specified UX standards set within CDR regulations was an important factor which the Exo Digital consultant had to manage for success.

Acceptance testing

AGL’s CDR implementation was being built by a 3rd party developer. The Exo Digital consultant played an important role in acceptance testing, raising and tracking defects to ensure quality.

Future of login

Universal Login

Paving the way for advanced login features

AGL’s Identity roadmap sought to make login easier for users by unlocking Auth0 authentication features such as Biometric and Passkey login. As a prerequisite, AGL would first need to transform its core login functionality to an out-of-the-box Auth0 implementation referred to as ‘Universal Login’.

This would require changing or rebuilding most of AGL’s login and identity flows. Our consultant was pivotal, mapping impact for all types of user holistically and maximising impact of the initiative by recommending UX uplifts across the board.

Biometrics and passkeys

Making login easier with fingerprint and face ID

Biometric Login and Passkeys are authentication features supported by the Auth0 platform - in different ways they make use of features such as fingerprint and face recognition to replace traditional authentication factors such as OTC, making login easier and quicker.



Both features had been proposed for the roadmap but not fully investigated. We conducted a UX review of each, contrasting them and recommending how they could work in the context of AGL’s specific platforms.

Profile management

Making login setup easy to understand

Login setup refers to the collection of authentication settings that determine a user’s experience when they log in. Clear communication of this setup makes login predictable, reduces cognitive load and promotes confidence and trust. As part of ideation, the consultant provided recommendations and wireframes of how settings screens within AGL’s platforms could be improved.
