2-Factor Authentication
Mobile & SaaS UI/UX
Project Overview

With an ever-increasing customer base and growing product popularity, adding an extra layer of security became a must-have for Secure Group and all of its distributor partners. The challenge was to find the most secure, appropriate, and user-friendly solution and to design a seamless experience for all users.


The Problem

Two-factor authentication addresses multiple threats, such as stolen passwords, phishing attempts, social engineering, brute-force attacks, broken logic, and key logging.


My Role

My initial contribution started with technical and competitive research of existing and ready-to-implement two-factor authentication solutions. I distilled and synthesized research insights that informed our design and business development decisions. I created low-fidelity prototypes for multiple possible solutions for further usability testing and idea validation. My contribution continued with design, development hand-off, quality assurance, and 30-day in-app analytics and customer interviews to make sure the solution value was exceeded.


Outcomes

The team discovered the most appropriate implementation for our products and customers by finding the balance between usability, seamless user experience, security, business objectives, and available development resources at the moment. In the end, the team decided to implement an MVP version of the 2FA functionality relying on the existing infrastructure. Finally, I made the development hand-off with a high-fidelity prototype, UI guidelines, and assets/artifacts.




What is 2FA?

2FA is a form of authentication. Authentication is the process by which organisations verify that you are who you claim to be. Three things can verify a person: what you know (e.g. passwords); what you have (e.g. a phone); what you are (e.g. fingerprint, face recognition, etc.).


Types of 2FA

Before going any further, I researched all available and noteworthy technologies; there are three 2FA options appropriate for our solution. The three options are: PGP encrypted message with a verification code; push-based authentication; authenticator apps.





Wireframes

Each of the discussed options was represented with a wireframe and further connected into a user flow for usability testing and idea validation.


Priority Matrix

A priority matrix summarised the comparison between all the options based on security and ease of use.


Enabling 2FA - User flow diagram

The goal was to empower the user to start using the 2FA functionality with minimum steps and guidelines. The expected result was a seamless user experience with minimal friction. Even though 2FA is becoming mainstream and the norm, some users do not know enough about it, and as a general rule of thumb they must not be overwhelmed with many options and steps to perform to reach their goal.


MVP 2FA authentication - User flow diagram

Based on all the prototypes, technical abilities, and effort vs. impact analysis, the team chose to implement a PGP encrypted message with a verification code, using the existing infrastructure and API connection within the product ecosystem. This option required the least cost, effort, and time to implement, with relatively low usability friction for the user and still a high level of security.





Reflection

Working on a privacy-first product, I always strived for my practice to walk hand in hand with a user-centered mindset. In this line of work and products, there is always a balance/compromise between usability and security. Achieving both is an ideal win-win situation, something I always look for. Having a value-sensitive design exercise helped us consider the different pros and cons of each 2FA method in terms of UX and actual existing technical capabilities. My and the team’s biggest reward is improving the services and products we design by providing a seamless, reassuring, and confidence-inspiring privacy experience that gives customers peace of mind. The project gave us priceless knowledge and extended our toolset of security and privacy features and deep technical understanding. A relatively small project gave us the exercise to research, evaluate, prioritize, make trade-offs and decisions, learn fast, and bring quick practical solutions.





Multi-step authentication doesn’t equal multi-factor authentication
