Enhanced account security for >2M users
Federal regulations required financial services companies to implement additional security measures to protect consumers' financial accounts.
The team decided to use an authentication template from a third-party vendor to cut costs, but the template had significant flaws from an experience perspective.
The team decided to use an authentication template from a third-party vendor to cut costs, but the template had significant flaws from an experience perspective.
I was one of two designers tasked with crafting a seamless and secure authentication experience.
We had to get creative, partnering closely with the information security and engineering teams to develop work arounds to circumvent critical limitations of the chosen authentication template.
We had to get creative, partnering closely with the information security and engineering teams to develop work arounds to circumvent critical limitations of the chosen authentication template.
Paul Gehrig, Product Designer
Information Security Team
Engineering Team
Content Team
Ideation
How might we deliver a seamless and secure authentication experience given the template's limitations?
Core Metrics:
login success %
% of total accounts enrolled
Approach
Map limitations
What are the template's limitations and how do they affect authentication experiences?
Sketch solutions
Draw inspiration from other authentication experiences, wireframe potential solutions.
Test & iterate
Develop a proof of concept to test internally and interate before public release.
Map authentication experiences
We poked around in the test account and documented our findings, particularly highlighting which pages are reused and when.
Results
We found that a few key pages were being reused for different processes. The lack of context and progress indicators on the page made it very easy to get lost when trying to add a new authentication method.
What causes the most confusion when adding a new auth method?
We conducted a usability (or rather lack of usability) test to identify points of confusion in the baseline template and understand users expectations when adding a new method to authenticate.
Results
Most participants agreed that the duplicate screen that kicks off the add method experience causes the most confusion (there’s not even a back button!)
How do similar companies handle adding new authentication methods?
We looked for inspiration from other companies and took note of their authentication experiences.
Results
Most of the products we analyzed only allow users to manage authentication methods in their account settings after they’ve already logged in.
Solution
A simple, secure, and streamlined API-driven authentication experience
Results callout
94%
of active accounts enrolled within 4 months of public launch
91%
of clients successfully authenticate in one session
>2 mil
accounts successfully enrolled in secondary authentication