Enhancing App Security

Designing the User Authentication Experience for Better Security & Usability

Overview

Security is a fundamental aspect of any digital experience, yet it often comes at the cost of usability. The goal of this project was to enhance app security without compromising user experience, ensuring a seamless yet secure authentication flow.

Key Improvements:

✔ Streamlined onboarding – A step-by-step signup flow that integrates security without friction.
✔ Multi-layered security options – Users can set up passcodes, biometric authentication, and 2FA.
✔ Clearer security settings – Simplified security controls for easy updates.
✔ Improved account recovery – More intuitive password reset and recovery flows.

The Problem

Many users struggle with complex security processes, leading to:

- Weak passwords due to frustration with complex requirements.
- High dropout rates during 2FA and biometric setup.
- Inconsistent security configurations, making it hard for users to manage protection levels.

We identified that security measures need to be both strong and user-friendly.

Research & Competitor Analysis

Our research focused on how other apps handle authentication, comparing key factors like:

Ease of signup – How quickly users can create an account.
Security layers – The types of authentication methods provided.
Recovery options – The flexibility in account recovery.

By analyzing leading security-focused apps, we refined our approach to balance security and usability.

Quick Wireframe Session

Created initial sketches to visualize the 2FA flow and gathered feedback from the team. Addressed concerns such as onboarding complexity and reducing friction for existing users.

Images: Wireframe, Brainstorming

User Flow & Key Design Decisions

To simplify the process, we structured authentication into clear, guided steps:

🔹 Signup & Authentication Steps

1️⃣ Create Account – Minimal friction with progressive disclosure for security settings.
2️⃣ Set Passcode – Encouraging strong but memorable passwords.
3️⃣ Enable Biometrics – Optional step for quick but secure access.
4️⃣ Two-Factor Authentication (2FA) – Seamless integration without disrupting user flow.

These steps ensure that users progressively enhance security while maintaining a smooth onboarding experience.

Final Design Highlights

✔ Step-by-step authentication makes security setup seamless.
✔ Flexible biometric and passcode options provide personalized security.
✔ Streamlined security updates make managing protection intuitive.
✔ Improved password recovery reduces friction for locked-out users.

Design Outcome

We didn’t just aim to add security—we designed a secure experience that felt intuitive, empowering, and human. Each feature we implemented had a specific purpose to solve real user pain points and enhance trust in the app. Here’s how the final solution delivered:

Live Password Criteria

Why we did it: Many users were confused by vague password requirements, leading to frustration or weak security.
What we designed: Live password feedback as the user types, plus a show/hide password toggle.
Impact: Increased signup success and encouraged stronger passwords.
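The live checklist described above can be driven by one small validator that reports each criterion separately rather than a single pass/fail, so the UI can tick items off as the user types. The block below is an added example, not code from the case study; the exact criteria (12-character minimum, character classes, no repeated runs) are assumptions, since the page does not list them, and the same function would be reused server-side so client feedback and the real check never disagree.

```python
import re

# Assumed criteria; the case study shows a live checklist but not the exact rules.
MIN_LENGTH = 12
CRITERIA = {
    "min_length": ("At least 12 characters",
                   lambda p: len(p) >= MIN_LENGTH),
    "has_lower":  ("A lowercase letter",
                   lambda p: any(c.islower() for c in p)),
    "has_upper":  ("An uppercase letter",
                   lambda p: any(c.isupper() for c in p)),
    "has_digit":  ("A number",
                   lambda p: any(c.isdigit() for c in p)),
    "has_symbol": ("A symbol (e.g. ! ? #)",
                   lambda p: any(not c.isalnum() and not c.isspace() for c in p)),
    "no_long_run": ("No character repeated 3 or more times in a row",
                    lambda p: re.search(r"(.)\1\1", p) is None),
}


def check_password(password: str) -> dict:
    """One pass/fail flag per criterion. Called on every keystroke so the UI can
    show live progress instead of rejecting the whole password on submit."""
    return {key: bool(test(password)) for key, (_, test) in CRITERIA.items()}


def is_acceptable(password: str) -> bool:
    """Server-side gate: every criterion must pass. Same rules as the live UI."""
    return all(check_password(password).values())


def render_checklist(password: str) -> str:
    """Plain-text rendering of what the live checklist would display."""
    status = check_password(password)
    return "\n".join(f"{'✔' if status[key] else '✘'} {label}"
                     for key, (label, _) in CRITERIA.items())
```

Because `check_password` returns the status of every rule at once, the UI never has to guess which requirement the user still needs to satisfy, which is the confusion the original vague requirements caused.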

Biometric Login Options

Why we did it: Users wanted faster, secure access to the app—without typing passwords every time.
What we designed: Support for Face ID, Touch ID, and Fingerprint authentication. Users can enable these for faster login or skip and stick with passcode only.
Impact: Gave users flexibility while meeting industry security standards for biometric login.

6-Digit App Passcode

Why we did it: To ensure users had a fallback if biometrics failed or weren’t enabled.
What we designed: A simple, secure 6-digit code created during onboarding; the app can be unlocked with this passcode at any time.
Impact: Ensured all users—regardless of device support—have a reliable way to log in.

Fail-Safe Lockout Flows

Why we did it: Brute force attacks and shared device risks required guardrails.
What we designed: A 30-minute app lockout after 3 failed passcode attempts, with an option to reset the unlock method using the account password.
Impact: Reduced attack surface while giving legitimate users a way back in.
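The lockout flow above (3 failed attempts, 30-minute lock, reset via account password) maps onto a small state machine. The block below is an added example written for this page, not the app's own code; the salted PBKDF2 storage of the passcode, the injectable `now` clock for testing, and the `verify_account_password` callback standing in for the account service are all assumptions. Note that a 6-digit passcode space is tiny, so the lockout, not the hash, is the control that actually limits brute forcing.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Optional

MAX_ATTEMPTS = 3              # from the case study: lock after 3 failed attempts
LOCKOUT_SECONDS = 30 * 60     # from the case study: 30-minute lockout


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the stored value is not the passcode itself (assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class PasscodeGuard:
    passcode_hash: bytes
    salt: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0   # Unix time; 0.0 means not locked

    @classmethod
    def create(cls, passcode: str) -> "PasscodeGuard":
        if not (len(passcode) == 6 and passcode.isdigit()):
            raise ValueError("passcode must be exactly 6 digits")
        salt = os.urandom(16)
        return cls(passcode_hash=hash_secret(passcode, salt), salt=salt)

    def is_locked(self, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return now < self.locked_until

    def seconds_until_unlock(self, now: Optional[float] = None) -> int:
        """What the lockout screen shows the user."""
        now = time.time() if now is None else now
        return max(0, int(self.locked_until - now))

    def unlock(self, entered: str, now: Optional[float] = None) -> str:
        """Returns 'ok', 'wrong' or 'locked'. While locked the passcode is not
        even compared, so guessing during the lockout window gains nothing."""
        now = time.time() if now is None else now
        if self.is_locked(now):
            return "locked"
        if hmac.compare_digest(hash_secret(entered, self.salt), self.passcode_hash):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failed_attempts = 0   # a fresh window of 3 starts once the lock expires
        return "wrong"

    def reset_with_account_password(self, account_password: str,
                                    verify_account_password: Callable[[str], bool],
                                    new_passcode: str) -> bool:
        """The 'way back in': a correct account password replaces the passcode and
        clears any lockout. `verify_account_password` is the account service's own
        check (assumed here) and should carry its own rate limit."""
        if not verify_account_password(account_password):
            return False
        fresh = PasscodeGuard.create(new_passcode)
        self.passcode_hash, self.salt = fresh.passcode_hash, fresh.salt
        self.failed_attempts, self.locked_until = 0, 0.0
        return True
```

The reset path is deliberately the only way to clear a lock early, and it requires the stronger secret (the account password), which is why that check needs its own attempt limiting rather than inheriting the passcode's.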

Adaptive Security Settings

Why we did it: Power users needed more visibility and control over their security setup.
What we designed: A dynamic security settings menu that adjusts based on enabled features, with controls to disable biometrics, update the passcode, or manage recovery options.
Impact: Reduced reliance on support and empowered users to manage their own safety.

Two-Factor Authentication (2FA) with Recovery Codes

Why we did it: Users needed protection from unauthorized access—but also needed a way to recover their accounts if they lost their phone.
What we designed: A seamless 2FA setup using a QR code or manual key entry. Recovery codes are issued right after setup, with warnings and clear next steps, and users can verify their identity to request new recovery codes.
Impact: Balanced security and peace of mind—without causing account lockout stress.
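To show what sits behind the QR/manual-key setup and the recovery codes described above, the block below is an added example written for this page, not the app's code. It implements RFC 6238 TOTP from the standard library (the QR code simply encodes the `otpauth://` URI, and manual entry is the same base32 secret), enables 2FA only after the user proves the authenticator works, then issues a batch of single-use recovery codes that are stored only as hashes. The issuer name, the batch size of 8, and accepting a current TOTP code or an unused recovery code as the identity proof for re-issuing are assumptions.

```python
import base64
import hashlib
import hmac
import os
import secrets
import struct
import urllib.parse
from typing import List, Optional

ISSUER = "ExampleApp"      # placeholder issuer name shown in the authenticator app
RECOVERY_CODE_COUNT = 8    # assumed batch size; the case study gives no number


def new_totp_secret() -> str:
    """Fresh 160-bit secret, base32-encoded: this string is the 'manual key'."""
    return base64.b32encode(os.urandom(20)).decode().rstrip("=")


def provisioning_uri(secret: str, account: str) -> str:
    """The otpauth:// URI that the setup QR code encodes (same secret as manual entry)."""
    label = urllib.parse.quote(f"{ISSUER}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={ISSUER}"
            "&algorithm=SHA1&digits=6&period=30")


def totp(secret: str, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", int(timestamp) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def verify_totp(secret: str, code: str, timestamp: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side for clock skew."""
    return any(hmac.compare_digest(totp(secret, timestamp + i * 30), code)
               for i in range(-window, window + 1))


def hash_recovery_code(code: str) -> str:
    # Codes carry 40 bits of randomness and are single-use, so a fast hash
    # is adequate here; the plaintext is never stored.
    return hashlib.sha256(code.replace("-", "").lower().encode()).hexdigest()


class SecondFactor:
    """2FA state for one account: TOTP secret plus hashed, single-use recovery codes."""

    def __init__(self, account: str):
        self.account = account
        self.secret = new_totp_secret()
        self.enabled = False
        self._recovery_hashes = set()

    def setup_uri(self) -> str:
        return provisioning_uri(self.secret, self.account)

    def confirm_setup(self, code: str, now: int) -> Optional[List[str]]:
        """Enable 2FA only once the user proves the authenticator works, then hand
        back the recovery codes exactly once (this is the 'warnings and next steps' screen)."""
        if not verify_totp(self.secret, code, now):
            return None
        self.enabled = True
        return self._issue_recovery_codes()

    def _issue_recovery_codes(self) -> List[str]:
        codes = []
        for _ in range(RECOVERY_CODE_COUNT):
            raw = secrets.token_hex(5)                 # 10 hex characters
            codes.append(f"{raw[:5]}-{raw[5:]}")       # e.g. 'a1b2c-3d4e5'
        self._recovery_hashes = {hash_recovery_code(c) for c in codes}  # old batch is void
        return codes

    def use_recovery_code(self, code: str) -> bool:
        """Consume a recovery code; each one works exactly once."""
        digest = hash_recovery_code(code)
        if digest not in self._recovery_hashes:
            return False
        self._recovery_hashes.discard(digest)
        return True

    def remaining_recovery_codes(self) -> int:
        return len(self._recovery_hashes)

    def request_new_recovery_codes(self, proof: str, now: int) -> Optional[List[str]]:
        """Re-issue a batch after the user re-proves identity with a current TOTP
        code or an unused recovery code (the proof step is an assumption here)."""
        if not self.enabled:
            return None
        if verify_totp(self.secret, proof, now) or self.use_recovery_code(proof):
            return self._issue_recovery_codes()
        return None
```

Two design points carry the "peace of mind" goal: recovery codes are shown once and only their hashes persist, so a database leak does not hand out working codes, and re-issuing replaces the whole batch, so a user who suspects their old codes were exposed can invalidate them in one step.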

Final Thought

This project demonstrates how user experience and security can coexist. By focusing on clear guidance, flexible security options, and frictionless authentication, we’ve created a system that protects users while keeping the experience smooth.

Designed & developed by Suhee Lee
UX/UI Designer based in Berlin
© 2025 All rights reserved