Lock, Unlock, Login

Design for the lock screen and login experience. This supersedes the previous lock screen and login pages.

Objectives & Requirements

High-level goals:

  • Privacy is paramount - communicate it
  • Be an effective brand touch point and defining microinteraction
  • The lock screen should be useful - show useful information, allow appropriate interactions
  • Make access to the user's session as frictionless as possible
  • Differentiate between the user's personal session and the system context
  • Provide a clear spatial model, so users can orientate themselves

Detailed requirements:

  • Hide the user's session when they are away or have locked it
  • Allow accessing the session either with or without authentication (autologin)
  • While the screen is locked, show:
    • The date and time
    • Media controls
    • System status
  • Indicate when smart card or fingerprint authentication is available
  • Allow logging in as a different user
  • Scale between different usage scenarios:
    • One user
    • Small number of users (1-6)
    • Networked environments, such as shared office workstations and labs
    • Kiosks, such as libraries
  • Show login messages from sysadmins (these can be long, and are required for regulatory purposes)
  • Integrate with disk encryption
  • Allow selecting a session type when logging in
  • Password entry shouldn't be susceptible to brute force attacks
  • Allow the distribution to be identified

Relevant Art

See lock screen and login screen.

Discussion & Background

The latest design was informed by some perceived issues with the existing one. These include:

  • There are reoccuring issues around the discoverability of the interaction for raising the shield
  • Notifications don't get seen on the lock screen if you wake the computer by typing bug 776116.

  • It isn't an effective touch point - it's not delightful
  • The user list doesn't scale to large numbers of users. Nor does it look good for one user
  • Notifications:
    • In their default form, these don't provide a lot of information for a lot of visual noise
    • New notifications are "replayed" after the session has been unlocked, which reduces their usefulness on the lock screen
    • Screen wake ups can be inappropriate, for example in office environments
  • It's high-friction - it's a disruptive visual transition from the wallpaper to the grey login screen
  • It can be disorientating - there are a lot of paths, and it's not always clear how they connect.

Some more notes on this are available from the 2017 UX Design hackfest.

Tentative Design




Key features:

  • Shows the login screen for the last used user by default, without the need to select a user.
  • Uses a spatial model, supported by animated transitions, to integrate the different parts.
  • User selection doesn't show more than eight users. If there are more than this, it allows a user name to be entered in addition to picking one from the grid.
  • Allows graphical user selection to be disabled, in which case the user can be selected by entering a username.
  • Reduces notifications on the lock screen to a set of app icons with a notification count for each one.
  • Shows the distribution name in the top-left corner, both on the lock screen and when entering a password.

Static mockups:

Motion mockups:

Implications for other modules:

  • The "show message content on lock screen" notification setting no longer has a role.
  • There is no place for a dedicated lock screen wallpaper.

Outstanding tasks/questions

  • Visual guidance for how admin messages should be displayed.

  • Should it be possible to activate a notification, in order to go to the source after login? (If so, how?)
  • Guidelines for notification placement, motion, overflow.
  • The design incorporates a guest session, but there's been no surrounding design work for this.
  • Handling of urgent notifications, either from system components ("system is on fire"), (special-cased) desktop components ("calendar notifications"), or third-party applications ("call inbound")
  • What to show on non-primary monitors?
  • If the display isn't locked and the screen is woken up, should we automatically remove the shield and go straight to the session?
    • This would go with the idea of accessing the session with as little friction as possible.
    • However, it could potentially lead to stray input reaching the session.
    • It also means that users wouldn't see notifications on the lock screen (although they would be replayed in the session).
  • How to select a session type if password-less login is enabled?

See Also


Design/OS/LockUnlockLogin (last edited 2018-05-31 11:28:46 by AllanDay)