
Enhanced account security for >2M users

Federal regulations required financial services companies to implement additional security measures to protect consumers' financial accounts.

The team decided to use an authentication template from a third-party vendor to cut costs, but the template had significant flaws from an experience perspective.
I was one of two designers tasked with crafting a seamless and secure authentication experience.

We had to get creative, partnering closely with the information security and engineering teams to develop workarounds for critical limitations of the chosen authentication template.
Paul Gehrig, Product Designer
Information Security Team
Engineering Team
Content Team

How might we deliver a seamless and secure authentication experience given the template's limitations?

login success %
% of total accounts enrolled
Approach
Map limitations
What are the template's limitations and how do they affect authentication experiences?
Sketch solutions
Draw inspiration from other authentication experiences and wireframe potential solutions.
Test & iterate
Develop a proof of concept to test internally and iterate before public release.
Map authentication experiences
We poked around in the test account and documented our findings, particularly highlighting which pages are reused and when.
Results
We found that a few key pages were being reused for different processes. The lack of context and progress indicators on the page made it very easy to get lost when trying to add a new authentication method.
What causes the most confusion when adding a new auth method?
We conducted a usability (or rather lack of usability) test to identify points of confusion in the baseline template and understand users' expectations when adding a new method to authenticate.
Results
Most participants agreed that the duplicate screen that kicks off the add-method experience causes the most confusion (there’s not even a back button!).
How do similar companies handle adding new authentication methods?
We looked for inspiration from other companies and took note of their authentication experiences.
Results
Most of the products we analyzed only allow users to manage authentication methods in their account settings after they’ve already logged in.

A simple, secure, and streamlined API-driven authentication experience


94% of active accounts enrolled within 4 months of public launch

91% of clients successfully authenticate in one session

>2 mil accounts successfully enrolled in secondary authentication