Flow
Verification is a critical role to promise security for a user in the early phases of onboarding, which means it must be a smooth experience that feels helps rather than burdensome.
Steps
Reset
Establish a trigger point
Clearly indicate when verification is required, giving context as to why verification is necessary
It is common to verify the email or phone number used for account creation, because this is ensuring the person with access to those details is the same person creating the account.
Method selection (optional)
Depending on the level of sophistication you want to offer, you can make multiple verification methods available (email, SMS, authenticator). The common default is what the user is using to sign up with e.g. if signing up with email address, send code to email.
Confirm delivery and contact information used
Display the email address or phone number where the verification will be sent so the user can see it is the correct destination. That way if they have not received a code and the contact information provided was incorrect, they can see this, go back, and enter the correct value.
Ability to input verification code
The input field can be intuitive to show a field per digit, but the default input field is perfectly accessible.
Incorrect value (and resend option)
Provide specific error messages for different failure scenarios and clear next steps:
Expired code: offer link to send a new code
Incorrect code: ask to check email/SMS again or offer link to send new code
Too many incorrect attempts: contact support team or wait for defined time period before trying again
Verification success state
Display clear confirmation when verification succeeds and continue to next step of interface.
