Two-factor authentication upgrade
For a more in-depth look at my process, ask me about it :)


Wealthsimple — 2021
Role — Lead design

 

Problem

Crypto withdrawals require additional security methods.

A notable percentage of clients have the lowest two-factor authentication (2FA) method in place, leaving them vulnerable to account takeovers.

 

Key requirements


Provide context

Provide clients with a clear and compelling, yet concise explanation of why they should upgrade their 2FA.



Inspire trust

Improve client trust by enabling them to feel confident that we have their best interest top of mind. 



Improve security

Transition all crypto clients that wish to withdraw assets to a more secure authentication method.

 

Phase one

A general push to upgrade to a more secure 2FA method. This is framed as a strong nice-to-have, but implies that future feature releases will require this task to be complete.

 

Phase one

Pre-launch push

Prefacing the launch of Crypto Withdrawals with an app-wide push to increase the percentage of clients using a non-email-based authentication method.

Deferring the upgrade results in a secondary prompt via a card on the account screen.

 

Phase one

Increased clarity

A rework of the existing 2FA method selection view both repositions the options from most to least secure and makes the information presented easier to parse.

App-based authentication is the most secure option and so it is labelled as recommended and selected by default.

 

Phase two

A hard block on feature access. Clients who previously deferred the prompt to update will be blocked from accessing Crypto withdrawals due to security measures in place.

 

Phase two

Mandatory upgrade prompt

Clients who previously deferred prompts to upgrade (phase one) will be blocked from withdrawing crypto until they upgrade their authentication method.

This is a security must-have that helps protect clients and Wealthsimple from bad actors.

 

Phase two

24-hour holding period

To further protect clients, a 24-hour holding period will be implemented on crypto withdrawals following a 2FA upgrade.

During this period they will be contacted via email about the change, giving them an opportunity to notify us if they did not initiate it.

Clients will have access to all other app functions during this time.
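The phase-two withdrawal gate described above (mandatory upgrade away from email 2FA, plus the 24-hour hold and email notice after a change), written out as an added Python sketch; it is not Wealthsimple's code, and the `Client` shape, the method tiers and the notice wording are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

class TwoFactorMethod(Enum):
    """Ordered weakest to strongest, matching the reworked selection view."""
    EMAIL = 1   # lowest tier: an inbox compromise also unlocks the account
    SMS = 2
    APP = 3     # authenticator app: recommended and selected by default

HOLDING_PERIOD = timedelta(hours=24)   # withdrawals on hold for 24h after a 2FA change

@dataclass
class Client:
    two_factor: TwoFactorMethod
    two_factor_changed_at: Optional[datetime] = None   # UTC; None if never changed

@dataclass
class Decision:
    allowed: bool
    reason: str                          # "ok", "upgrade_required" or "holding_period"
    hold_expires_at: Optional[datetime] = None

def check_crypto_withdrawal(client: Client, now: datetime) -> Decision:
    """Phase-two gate: email-only 2FA is hard-blocked, and a recent 2FA change
    keeps withdrawals on hold until the 24-hour window has elapsed."""
    if client.two_factor is TwoFactorMethod.EMAIL:
        return Decision(False, "upgrade_required")
    if client.two_factor_changed_at is not None:
        hold_until = client.two_factor_changed_at + HOLDING_PERIOD
        if now < hold_until:
            return Decision(False, "holding_period", hold_until)
    return Decision(True, "ok")

def upgrade_two_factor(client: Client, new_method: TwoFactorMethod, now: datetime) -> str:
    """Record the change and return the (hypothetical) email notice so the client
    can tell us if they were not the one who initiated it."""
    client.two_factor = new_method
    client.two_factor_changed_at = now
    hold_until = now + HOLDING_PERIOD
    return (f"Your two-factor method was changed to {new_method.name} at {now.isoformat()}. "
            f"Crypto withdrawals are on hold until {hold_until.isoformat()}. "
            "If you did not make this change, contact us right away.")

SAMPLE_NOW = datetime(2021, 6, 1, 12, 0, tzinfo=timezone.utc)   # constructed timestamp

if __name__ == "__main__":
    client = Client(TwoFactorMethod.EMAIL)
    print(check_crypto_withdrawal(client, SAMPLE_NOW))                       # upgrade_required
    print(upgrade_two_factor(client, TwoFactorMethod.APP, SAMPLE_NOW))
    print(check_crypto_withdrawal(client, SAMPLE_NOW + HOLDING_PERIOD / 2))  # holding_period
    print(check_crypto_withdrawal(client, SAMPLE_NOW + HOLDING_PERIOD))      # allowed
```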

 


Impact ✨

Ask me about it :)

