Passwordless Login
The Problem
The existing login experience was reliant on passwords, which presented a significant security risk due to weak, reused, or stolen credentials. Users also expressed frustration with the complexity of password recovery processes. Our goal was to implement a secure, simple solution that would reduce these risks without adding unnecessary friction to the login flow.
My Role
- User Flows
- UI Design (iOS, Android, Web)
- User Research
- Design Validation Testing
The Team
- Oleg Kotsur - Product Manager
- Razvan Balan - Engineering Manager
- Alex Spicer - Sr. Staff Cloud Engineer
Overview
This case study outlines our initiative to strengthen login security by implementing a One-Time Password (OTP) authentication system. The previous login process was prone to security vulnerabilities, relying solely on passwords, which left user accounts susceptible to unauthorized access. By introducing OTP codes delivered via SMS, we aimed to provide a more secure, user-friendly authentication method while maintaining convenience for end users.
I started by mapping out the user flows for the three primary use cases:
User A - A New User

User B - An Existing User

User C - A Logged In User

Once the various user journeys were identified, it was time to research how other similar applications were handling 2FA login to identify any replicable patterns or pitfalls to avoid. To do this, I evaluated other social apps and looked at Mobbin for login experiences across a variety of applications. One of the principles I like to apply to my work is Jakob's Law: users are more comfortable with interfaces that follow familiar design patterns.
Competitive Research
UX/UI Design
After learning the pattern, it was time to start designing the UIs. Typically, when designing UIs, I'll start by block diagramming all of the various screens and states, then apply the design system to those various screens.
Usability Testing

Solution
We integrated a two-factor authentication (2FA) system, where users would receive a unique OTP code via SMS to verify their identity. This secondary layer of security ensured that even if a password was compromised, the account could not be accessed without the OTP. The design focused on making the experience seamless: after entering their username and password, users were prompted to enter the code sent to their mobile device. The entire process was designed to be quick and intuitive, minimizing any disruption to the user journey.

Outcome
The implementation of SMS-delivered OTP codes significantly increased login security and reduced the number of unauthorized login attempts. Users appreciated the added security and the simplicity of the SMS-based authentication, which did not require the use of external authentication apps or complex recovery procedures. The enhanced login process struck a balance between robust security and a smooth, user-friendly experience, leading to increased user trust and satisfaction.
This case study highlights how the addition of OTP-based 2FA can improve both security and usability, ensuring that user accounts are protected without introducing unnecessary barriers to access.

Next Steps
After successfully implementing the SMS-OTP 2FA login experience, we wanted to extend the solution to markets where SMS messaging costs were prohibitively expensive, so we plan to design a similar experience where the OTP codes are delivered via email. This will allow us to extend this important security upgrade to all users globally and ensure the safety and security of the platform for all users.