Two-factor authentication upgrade
For a more in depth look at my process, ask me about it :)


Wealthsimple — 2021
Role — Lead design

 

Problem

Crypto withdrawals require additional security methods.

A notable percentage of clients have the lowest two-factor authentication (2FA) method in place, leaving them vulnerable to account takeovers.

 

Key requirements


Provide context

Provide clients with a clear and compelling, yet concise explanation of why they should upgrade their 2FA.



Inspire trust

Improvement client trust by enabling them to feel confident that we have their best interest top of mind. 



Improve security

Transition all crypto clients that wish to withdraw assets to a more secure authentication method.

 

Phase one

A general push to upgrade to a more secure 2FA method. This is framed as a strong nice to have but implies future feature releases will require this task to be complete.

 

Phase one

Pre launch push

Prefacing the launch of Crypto Withdrawals with an app wide push to increase the percentage of clients using a non email based authentication method.

Deferring to later results in a secondary prompt via a card on the account screen.

 

Phase one

Increased clarity 

A re-work of the existing 2FA method selection view both repositions options from most to least secure, and increases the ability to parse the information presented.

App-based authentication is the most secure option and so it is labelled as recommended and selected by default.

 

Phase two

A hard block on feature access. Clients who previously deferred the prompt to update will be blocked from accessing Crypto withdrawals due to security measures in place.

 

Phase two

Mandatory upgrade prompt

Clients who previously deferred prompts to upgrade (phase one) will be blocked from withdrawing crypto until they upgrade their authentication method. 

This is a security must-have to help protect clients and Wealthsimple from bad actors. 

 

Phase two

24 hour holding period

To further protect clients, a 24 hour holding period will be implemented on crypto withdrawals following their 2FA upgrade. 

During this period they will be contacted via email about the change, giving them an opportunity to notify us if they were not the one to initiate it. 

Clients will have access to all other app functions during this time.

 


Impact ✨

Ask me about it :)


Copyright © All rights reserved.
Using Format