MFA Implementation-Lexington Law, Credit.com and creditRepair.com
Led the user experience design for the implementation of Multi-Factor Authentication (MFA) across three distinct financial service brands. This initiative was critical for enhancing security and building user trust in a highly sensitive industry.
Role: Lead Product Designer. Collaborated with Marketing, Engineering, Legal and Compliance teams
Overview
This project centered on a critical security enhancement: the successful implementation of Multi-Factor Authentication (MFA) across three distinct financial products. The paramount importance of this initiative was to significantly reduce the amount of identity fraud we were experiencing on our site, thereby safeguarding user accounts and sensitive financial data.
The challenge
I was tasked with creating a single, adaptable design framework for MFA implementation that could seamlessly integrate across three distinct financial brands. This meant designing a core experience that required no major functional changes for each brand, focusing instead on easy adaptation to their individual brand styles
Note: only 2 of the 3 brand designs are displayed.
Design Decisions
Flexible & Harmonious Integration
My primary design consideration was to create MFA screens with a highly flexible and adaptable UI. This was crucial not only for seamlessly fitting the distinct brand identities of our three financial products but also for ensuring visual consistency with our diverse existing sign-up flows. This included internal flows, which varied in their recent updates and styling, as well as external flows originating from partner sites. The goal was to ensure a cohesive user experience where the MFA step felt like a natural, non-disruptive part of the overall journey, regardless of the entry point or specific brand.
Ensuring Seamless Access for Existing Users
A critical aspect of the design thinking was to prevent MFA from becoming a barrier for our established users. We meticulously considered scenarios where existing users might face challenges, such as losing access to their primary verification device or forgetting their email or password. My design ensured that robust alternative pathways were always available, allowing these users to securely regain access and proceed with their sign-in process without MFA becoming an insurmountable blocker.
Comprehensive Security Beyond Login
Beyond initial sign-up and login, our design thinking extended MFA implementation to crucial user actions, specifically when users made changes to their email or phone number. This proactive approach ensured that these critical contact details were verified as truly belonging to the user at the point of change. This not only bolstered security but also provided confidence that users would consistently have access to their verified methods whenever subsequently presented with MFA for future logins or sensitive actions.
Takeaways
Prioritizing User Access & Recovery is Paramount
Even with enhanced security, the user experience must remain central. Designing comprehensive recovery pathways for existing users who might lose access to verification methods or forget credentials ensures that MFA functions as a security asset, not an insurmountable barrier, thereby maintaining high user retention and satisfaction.
Harmonizing UI Across Diverse Ecosystems
Successfully implementing a single design solution across multiple brands and varied existing flows (internal, external, and historically styled) highlights the critical importance of a flexible and adaptable UI framework. This approach ensures brand consistency and a non-disruptive user experience, crucial for widespread adoption and trust.
Future-Proofing Through Vision Alignment
Understanding the ultimate goals and future iterations for the project, even if not immediately developed, is essential for scalable and manageable design. This foresight allows for the creation of a foundational design that can evolve, minimizing future rework and ensuring that current decisions support long-term strategic objectives.