Save their progress #87
Comments
I think this will probably need a few different solutions, depending on whether the service has accounts / Verify / any other identifying key, and the sensitivity of the data returned. Without accounts, another way to retrieve an application might be magic links / SMS authentication, though we'd need to check on the security of these mechanisms.
I'm working on a service which uses Verify to authenticate the user, then asks for lots of personal information. Currently I can only find a form pattern which allows a 'Save and continue' for the user to complete all in one session, but there may be cases where the user needs to stop and come back later. If this is the case, it would not be good security to keep them logged in. What is the preferred pattern for this? Is it just a sign out link in the header (which isn't particularly findable), or do we give them a bit more handholding, such as a secondary button or link to save and come back later?
Hi Millie. I think you're right, you would need to offer more than just a sign-out link. If the user is already authenticated then I'm guessing their progress is being saved automatically, so this is more to reassure them that they won't lose work and to encourage them to sign out? I'd start by considering where in the transaction and where on the page they are likely to be when they need to stop, and placing a call to action there. A task list page can be a useful place to send people when they sign back in, to remind them of what they've already done.
Can anyone advise on the security implications of using one or several security questions (e.g. what is the name of the street you grew up on?) instead of having the user create a memorable word? I'm working on a service where vulnerable users are filling out a lengthy application form which can potentially be quite emotionally triggering and traumatic for our users, so we'd ideally like to keep the cognitive load and effort as low as possible. We cannot use SMS or email authentication, as in some instances our users will be applying via a call centre, with a customer service representative filling the application form in on their behalf, and the representative may also need to use the save and return function.
@murrlipp that's an interesting scenario; in general the Design System recommends against using security questions (see our guidance on password reset questions in the password pattern page), which aligns with advice from the National Cyber Security Centre. I've chatted with @OllieJC from GDS cyber-security, and in this scenario we would probably recommend that you still use an autogenerated key, that is given to the user either by the browser or by the call centre agent. One option to reduce the stress could be to look at an easier to remember/note down form of key, such as an autogenerated three random word password, which the NCSC also recommends.
More examples
- Standard Visitor visa
- Apply for or renew a Blue Badge
- Apply for an environmental permit
- Census
Census 2021 did this as well; it's closed now, but they have documentation in their design system for access codes and save and sign out.
We do save and return on Report Modern slavery |
Have you got any guidance of how long a magic link or code should last for? |
@sulthan-ahmed I think on a previous service we went with something between 5mins to 30mins - partly it depends on how defensive you need to be for security. I'd also want to make sure your infrastructure is set up well so emails are delivered as fast as possible. |
thanks @edwardhorsford you're always so helpful 😸 |
@sulthan-ahmed thanks! One thing to note is we made it super easy to request a new code - so the costs of it being short were rather mitigated. |
Interesting. We are probably going to do the 30mins route but we'd still like to make it super easy for users. Is there any way to see how you've made it super easy @edwardhorsford ? |
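The two threads above (an autogenerated, easy-to-note-down three random word key handed over by the browser or a call centre agent, and a short-lived code of the order of 5 to 30 minutes that is cheap to reissue) can be combined into one small server-side component. The following is an added example written for this page; it is not code from the Design System, from any commenter, or from any of the services mentioned. The word list is a constructed stand-in for a real list of a few thousand words, the store is an in-memory dict standing in for a database, and the names `ReturnCodeStore`, `CODE_TTL_SECONDS` and `MAX_ATTEMPTS` are this example's own.

```python
"""Issue, store and verify a short-lived save-and-return code.

Added example, not code from the Design System or from any service in
the thread. Assumptions: an in-memory dict stands in for the server-side
store, and WORDS stands in for a real three-random-word list.
"""
import hashlib
import hmac
import secrets
import time

# Constructed word list. With only 12 words, three words give 12**3 = 1728
# combinations, so the attempt limit below is doing real work; a real list
# of ~2000 words gives 8e9 combinations and MAX_ATTEMPTS is then a backstop.
WORDS = ["apple", "river", "candle", "forest", "marble", "violet",
         "pencil", "harbor", "saddle", "meadow", "copper", "lantern"]

CODE_TTL_SECONDS = 30 * 60   # 30 minutes, the upper end of the range discussed
MAX_ATTEMPTS = 5             # online guesses allowed before the code is burned


def normalise(code: str) -> str:
    """Accept 'Apple River Candle' or 'apple-river-candle' as the same code."""
    return "-".join(code.lower().replace("-", " ").split())


class ReturnCodeStore:
    def __init__(self, secret: bytes, ttl: int = CODE_TTL_SECONDS, now=time.time):
        self._secret = secret   # server-side key, kept out of the database
        self._ttl = ttl
        self._now = now         # injectable clock so expiry can be tested
        self._records = {}      # application_id -> {digest, expires, attempts}

    def _digest(self, code: str) -> str:
        # Keyed hash rather than plain SHA-256: the code has low entropy, so an
        # unkeyed digest could be brute-forced offline if the store leaked.
        return hmac.new(self._secret, normalise(code).encode(), hashlib.sha256).hexdigest()

    def issue(self, application_id: str, nwords: int = 3) -> str:
        """Generate a fresh code for an application; reissuing overwrites the old one.

        Keeping this cheap and unconditional is what makes a short TTL acceptable.
        """
        code = "-".join(secrets.choice(WORDS) for _ in range(nwords))
        self._records[application_id] = {
            "digest": self._digest(code),
            "expires": self._now() + self._ttl,
            "attempts": 0,
        }
        return code   # shown once in the browser or read out by the agent; never stored in clear

    def verify(self, application_id: str, code: str) -> bool:
        """Return True exactly once for the current, unexpired code."""
        rec = self._records.get(application_id)
        if rec is None:
            return False
        if self._now() >= rec["expires"]:
            del self._records[application_id]      # expired: user must request a new code
            return False
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._records[application_id]      # too many guesses: burn the code
            return False
        ok = hmac.compare_digest(rec["digest"], self._digest(code))
        if ok:
            del self._records[application_id]      # single use
        return ok


if __name__ == "__main__":
    store = ReturnCodeStore(secrets.token_bytes(32))
    code = store.issue("application-123")
    print("give the user:", code)
    print("wrong code accepted?", store.verify("application-123", "wrong-wrong-wrong"))
    print("right code accepted?", store.verify("application-123", code.upper()))
```

The store never holds the code itself, only a keyed digest, and a code stops working on first use, on expiry, or after too many guesses; in every one of those cases the user's path is the same simple "request a new code" step that the thread describes as the mitigation for a short lifetime.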
MOJ Forms has implemented a feature for this. See their recent blog post. Possibly related to #181. |
Also known as: save and return, save and continue
What
Help users save their progress in your service, so they can continue later.
Example on 'Make a claim to an employment tribunal'
Why
Anything else
Related items: