Epic: Sign Up 

 
Basic Sign Up 
Precondition​:  User  doesn’t  have  an  account  on  the  platform,  so  email  doesn’t 
exist in the platform’s database 
 
- Sign up form 
- Design for Sign up form 
- Copy  for  User  to  check  if  he  is  on  the  right  link  to  avoid  phishing 
or scam 
- Needed information on Sign up form:  
- Field for “Valid email” 
- Error message: “Entered email is not valid”,” 
- Email already exists” 
- Field for “Password” 
- Password  rule,  for  example:  “Password  must  contain 
at  least  8  character”,  OPTIONAL  -  password  strength 
checker 
- Error  message:  “Password  must  contain  at  least  8 
character”,  “Password  could  only  contain  following 
characters: ….” 
- Field for “Confirm password” 
- Error  message:  “You  must  enter  the  same  password 
as above” 
- REGISTER button 
- Keep  this  button  disabled  until  all  form  fields  are 
completed 
- Error  message:  “Complete  required  field”,  “Please 
accept terms of Use” 
- Link​ to “Log in” 
- Checkbox for accepting the Terms of Use 
- Compliance part 
- Needed information: 
- Link ​to Terms of Use 
- Checkbox  (or  some  other  UI  element)  to 
confirm that the User is accepting the Terms of 
Use 
- Recaptcha or some other security check when submitting “Sign up” form 
- For example 
- Screen for User that the verification email has been sent 
- Design for this screen 
- Copy for this screen 
- Needed information on that screen: 
- Resend email​ link 
- Screen for Resend email 
- Design for this screen 
 - Copy for this screen 
- Confirmation email with a verification link 
- Design for this email 
- Copy for this email 
- Needed information in this email: 
- Link​ for verification 
- “VERIFY EMAIL” button 
- Link​ for contacting support if it isn’t User’s action 
- Screen that the email verification was successful 
- Design for that screen 
- Copy for that screen 
- Needed information on that screen: 
- ​Log in​ link redirection 
 
Postcondition​: User’s account is created. 
 
Interesting notes: 
1) Kucoin​ has an easy register flow with the following steps: 
a) Sign up form contains the following fields: 
i) Email input field 
ii) “Send code” button 
iii) Email Verification code input field 
iv) Checkbox for Terms of Use 
v) “Next” button for submitting the form 
When  the  User  enters  his  email,  he  has  first  to  click  on  “Send  code” 
button.  After  that,  User  needs  to  check  “I’m  not  a  robot”  recaptcha.  A  pop-up 
message  will  then  appear  on  the  form  with  the  following  message:  “Sent 
successfully”.  After getting the verification code in the email, enter this code in 
“Email  Verification  code”  input  field  and  click “NEXT”. A new form will appear to 
set password with the following fields: 
- Login password 
- Confirm password 
- Referral code (optional) 
- “SUBMIT” button 
After submitting this form, User will be redirected to his created account. 
Conclusion:  the  number  of  steps  for  registering  an account is reduced and all 
the process is easier and faster (maybe more User friendly).  
2) Some  platforms  require  “​Country  or  Region of Residence​” information in 
the register form, ​Bitmex ​for example. 
 
→  Above  is  described  the  most  common  way  of  “Sign  up”  but,  apart  from  this 
flow, on some platform you can register via:  
- Social Networks (Facebook, Twitter): CEX.io, Changelly, Celsius, 
- Mobile Phone: Bibox, 
- Google Account: CEX.io, Changelly, Celsius, 
- Other accounts like: Github (CEX.io), VK (CEX.io), Telegram (CEX.io).... 
 
If “SIGN UP” is possible via Google or another Social networks,  
- UI should adapt to provide those options, 
- Forgot password​ flow will be different, 
- Change password​ flow will also be different 
 
Sign  Up  with  a  Social  Network account or another supported account (Github, 
Telegram, Twitter) 
Precondition:  User  does  have  a  registered  account with the platform he wants 
to sign up with. 
 
- Choice of platform User wants to sign up with 
- Recaptcha 
- Complete  additional  information  that  is  not  provided  by  the  platform 
the User is signed up with (optional) 
- Email verification  
 
Postcondition​: User’s account is created. 
 
Epic: Log in 
 
Precondition:​ User does have a registered account. 
 
- Log in form 
- Design for Sign in form 
- Copy  for  User  to  check  if  he  is  on  the  right  link  to  avoid  phishing 
or scam 
- Needed information on Sign in form:  
- Field for username/email 
- Error message: “Email or password is wrong ” 
- Field for password 
- Error message: “Email or password is wrong ” 
- SUBMIT/LOG IN button 
- In  case  that  a  wrong  combination  of  email  and 
password  is  performed,  User  receives  an  alert  on  his 
email that a wrong attempt of login happened.  
- LINK​ to “Forgot password” 
- Recaptcha verification 
- If 2FA is set 
- Field for 2FA code issued by 2FA App 
- LINK​ to “2FA Unavailable” 
- SUBMIT/BUTTON  (or  User’s  redirection  to  his 
profile/dashboard/wallet when the right code is completed) 
 
Postcondition:  User  is  logged  into  the  platform  and  receive  an  email  with  the 
following  information:  Timestamp  of  login,  p ​ lace  of  login,  ​device  from  where 
login  action  was  performed,  ​IP  address​.  Also,  a  ​LINK  for  f​ reezing  account  and 
contact  support  m ​ ust  be  provided  in  case  User  did  not  conduct  this 
operation. 
 
Forgot password 
 
 
Epic: 2FA 
 
Where this option can be found: 
- On profile page, under the dedicated tab for “Security settings” 
- On  a  link,  provided  in  a  pop-up message with the following type of alert: 
“Please  set  your  2FA  verification  and add a stronger layer of security for 
your  account.  ​Set  2  FA  ​.”  (Click  on  this  link,  the  User will be redirected to 
his Security settings) 
- In  a  contextual  modal  window,  given  after  User’s  registration (or login is 
User  hasn’t  set  is  yet).  In  that  modal  window,  several  types  for  2FA  are 
proposed  (like  SMS  authentication  or  Google  authentication)  and  also 
the  option  to  “Skip  2FA  authentication”.  (Binance).  This  modal  will 
prevent User after each log in. 
 
Enable 2FA verification 
Precondition:  User  does  have  a  registered  account  and  is  logged  into  the 
platform. 
- Choose how to set 2FA verification 
- By SMS 
- By  Google  Authentication  or  ​another  Auth  Service  (for  Example 
OTP auth App) 
The most used App is Google Authenticator. 
- Inform  User  how  to  install  an  authentication  App  (for  example  Google 
authenticator) 
- User’s  Backup  Key  information:  Provide  to  the  User  his  backup  key  and 
inform him to write it on a piece of paper and keep it in a secure place. 
- Show QR code for scanning 
- Field for Authentication code issued by Authentication App 
- Error message: “Verification code is wrong” 
- SUBMIT button 
 
Postcondition: U ​ ser’s set 2FA authentication. 
 
Disable 2FA verification 
Precondition:  User does have a registered account, is logged into the platform 
and has 2FA set. 
- Screen to Confirm that User wants to disable his 2FA verification  
- Design for this screen 
- Copy for this screen 
 - By email 
- Design for this email 
- Copy for this email 
- Needed information in this email:  
- LINK​ to confirm 2FA disabling 
- BUTTON to confirm 2FA disabling 
- LINK​ for f​ reezing​ account and ​contact support  
- By entering his account password 
 
Postcondition:  ​2FA  is  disabled.  Also,  User  receives  an  email  with  the  following 
information:  Timestamp  of  action,  p ​ lace  of  action,  ​device  from  the  action  was 
performed,  I​ P  address​.  Also,  a  ​LINK  for  ​freezing  account  and  ​contact  support 
must be provided in case User did not conduct this operation. 
 
 
 
2FA unavailable (see Kucoin flow) 
 
Precondition: 2 ​ FA is enabled for the user. User has lost access to 2FA device.  
- Screen for requesting 2FA retrieval 
- Copy for this screen  
- Design for this screen  
 
- Screen for security verification security verification  
- Copy for this screen  
- Design for this screen  
- By Email  
- Code for verifying the validity of request  
- Screen for verifying users identity  
- Submitting a photo of an ID or an other document. 
-Front of the document 
- Back of the document 
 
-  Submitting  a  selfie  of  users  face  holding  the  identifying 
document as well as a note  
- Email notification to confirm that the process has started 
- Copy for the email  
- Design for the email  
 
 
Postcondition: U ​ ser  
 
 
Epic: KYC/AML  
Notes:  KYC  flow  can  be  different  depending  on  compliance  and  business 
decision. 
 
Precondition:  User  does  have  a  registered  account  and  is  logged  into  the 
platform.  Key  features  (for  example  large  withdraw  (exchange),  loans  (Celsius), 
...)  of  the  platform  must  be  unavailable  to  the  User  until  he  passes  KYC 
verification and is approved. (depending on compliance). 
 
- Basic information 
- First name 
- Last name 
- Middle name (optional) 
- Date of birth 
- Residential address 
- Address 
- Postal Code 
- City 
- Country 
- ID info 
- Issuing country 
- ID type 
- Passport 
- Identity Card 
- Driver’s licence 
- Digital copy of ID type (readable photos) 
- Front photo 
- Back photo 
- Facial Confirmation 
- Face verification  
- Selfie  with  a  piece  of  paper,  ID  type  and  signature  (for 
example) 
- Perform  facial action in front of camera (open mouth, shake 
head, ...) 
 
 
Postcondition:  U ​ ser  receives  an  email  if  he  passed  or  not  the  KYC  process.  If 
User passed KYC, all platform features would be unlocked. 
 
Terms of Use must be defined.  
 
 
N  Epic/Story Description  label  MoSCo
/JTBD  W 

1  Sign Up  This epic contains all stories related     

to Sign Up flow. 
-In this epic a graphic presentation 
of complete sign up flow should exist 
 (inVision, draw.io, ...)  
-Link to some documentation will also 
be a plus 

2  As a User  Precondition​:  User  doesn’t  have  an  ● Design  Must 

ISBAT  account  on  the  platform,  so  email  ● Copy  have 
complete  doesn’t  exist  in  the  platform’s  ● Error 
Sign Up  database  message 
form so I  for fields 
Needed information on Sign up form: 
can use 
● Field for “Valid email” 
the 
Platform  Field for “Password” 
● Field for “Confirm password” 
● REGISTER button 
● Link​ to “Log in” 
● Link ​to Terms of Use 
 
Acceptance criteria: 
-If  an  account  with  entered  email 
already  exists,  User  should  be 
informed  that  account  with this email 
can’t be created. In that case,  
“Log in” should be proposed. 
-Terms  of  Use  must  be  accepted  to 
allow submitting Sign up form 
-All  fields  must  contain  valid  data: 
valid  email  format  and  valid 
password format. 
-Clicking  on  “REGISTER”  button  will 
submit  entered  data  and  proceed  to 
verification. 
Postcondition​:  User  receives  an email 
verification  to  confirm  his 
subscription. 

3  As a User  Precondition:  User  does  have  a  ● Add  Would 

ISBAT Sign  registered  account  with  the  platform  Design  be good 
Up with a  he wants to sign up with.  element  to have 
Social    to the  this 
Network  Sign Up  feature 
Acceptance criteria: 
Account  form  later 
-User  has  to  choose  the  account  he 
or another  ● Copy 
supported  wants  to  sign  up  with  (for  example:  if  ● Which 
account  he  is  logged  in  in  several  Google  accounts 
so I can  account  on  his  computer,  he  must  are 
use the  choose which one to use for Sign up)  supporte
Platform  -No  password  will  be  set  if  User signs  d? 
up with a Social Account 
 Postcondition​:  User’s  account  is 
created. 
 
 

4  As a User  Terms  of  Use  document  must  be  ● Complia Must 

ISBAT  clearly  accessible  to  the  User  so  he  nce part  have 
read the  can  take  part  to  the  platform’s  rules  ● Design 
Terms of  and  be  aware  of  all  risks  if  he  breaks  ● Copy 
Use before 
the  law.  Also,  this  document  must 
I register 
provide  a  list  of  all  functionalities 
to the 
Platform  provided by the platform 
 
Acceptance criteria: 
-Terms  of  Use  are  easy  to  find on the 
Platform 
-Terms  of  Use  clearly  explain  the 
platform’s purposes and rules 
-Terms of Use clearly explain the risks 
of  using  the  platform  in  a  malicious 
way 

5  When I’m  The levels of strength are:  ● Copy  Would 

creating  - Low  ● Design  be good 
my  - Normal  to have 
password  - High  this 
for  feature 
- Strong 
Signing  later 
- Very Strong 
up, I want 
to know   
my  Acceptance criteria: 
password  -define  the  rule  to apply to define the 
strength  password strength 
so I can  -Only  allow  submitting  sign up form if 
secure my  the password is strong or very strong  
account in  -Show  good  case  practices  and  tips 
a best 
on how to create a strong password 
possible 
way 

6  When I  Precondition:  S​ ign  up  form  filled  out  ● Copy  Should 

submit  with valid data and submitted..  ● Design  have 
Sign Up    ● Design 
form, I  Acceptance criteria:  email 
want to be  ● Copy for 
-Show to the User a confirmation that 
informed  email 
an  email verification has been sent to 
that an 
email  him  
verificatio
 n has  -”Resend  email”  option  must  exist  to 
been sent  initiate  email  sending  again  if  the 
so I can  User  doesn’t  receive  email  the  first 
check my  time 
inbox 
 
Postcondition:  ​Message  about  email 
verification sending is shown to User.   

7  As an  Acceptance criteria:    Good to 

Admin I  -User  must  validate  Recaptcha  have 
want to  verification to submit Sign up form 
prevent 
SPAM by 
implement
ing a 
Recaptcha 
(security 
measure) 
on Sign 
up.  

8  As a User  Precondition:  U ​ ser  receives  email  for  ● Design  Must 

ISBAT  verification.  for  have 
confirm    verificati
my  Acceptance criteria:  on email 
registratio ● Copy for 
Verification email must contain: 
n by  email 
-Link​ for verification 
verifying 
my email  -“VERIFY EMAIL” button 
so my  -Link  for  contacting  support  if  it  isn’t 
account  User’s action 
can be  -Clicking  on the link or button, User is 
created.  redirected  to  the  confirmation 
message.  After  this,  User  will  be 
redirected to the login page. 
 
Postcondition:  ​By  confirming  User’s 
email address, his account is created. 

9  As a User  Precondition: E​ mail confirmed    Could 

ISBAT be    have - 
redirected  Acceptance criteria:  Good to 
on Login  -Login  form  should  be  presented  to  have 
page after  -Can 
the User 
successfull avoid 
 
y having  User’s 
confirmed    “bounce 
email  rate” 
address 
 10  As  a  User  If  provided  account  to  sign  up  with  ● Informati Would 
ISBAT  don’t  contain  all  needed  information  on that is  be nice 
complete  for  registration,  User  must  provide  MANDAT to have 
additional  missing  data  that  is  mandatory  for  ORY for  later 
registrati
informatio sign up process. 
on 
n  that  is   
process 
not  Acceptance criteria:  must be 
provided  -Each filled out field must be valid  defined 
by  the  -Need  some  UI  element  to  go  a  step 
account  further  in  sign  up  process  (for 
I’m  signing  example “NEXT” button, ...) 
up with.  

11