Enhancing App Security

Overview

Security is a fundamental aspect of any digital experience, yet it often comes at the cost of usability. The goal of this project was to enhance app security without compromising user experience, ensuring a seamless yet secure authentication flow.

Key Improvements:

✔ Streamlined onboarding – A step-by-step signup flow that integrates security without friction.
✔ Multi-layered security options – Users can set up passcodes, biometric authentication, and 2FA.
✔ Clearer security settings – Simplified security controls for easy updates.
✔ Improved account recovery – More intuitive password reset and recovery flows.

‍

The Problem

Many users struggle with complex security processes, leading to:

- Weak passwords due to frustration with complex requirements.
- High dropout rates during 2FA and biometric setup.
-Inconsistent security configurations, making it hard for users to manage protection levels.

We identified that security measures need to be both strong and user-friendly.

‍

Research & Competitor Analysis

Our research focused on how other apps handle authentication, comparing key factors like:

Ease of signup – How quickly users can create an account.
Security layers – The types of authentication methods provided.
Recovery options – The flexibility in account recovery.

By analyzing leading security-focused apps, we refined our approach to balance security and usability.

‍

‍

Quick Wireframe Session

Created initial sketches to visualize the 2FA flow and gathered feedback from the team. Addressed concerns such as onboarding complexity and reducing friction for existing users.

‍

User Flow & Key Design Decisions

To simplify the process, we structured authentication into clear, guided steps:

🔹 Signup & Authentication Steps

1️⃣ Create Account – Minimal friction with progressive disclosure for security settings.
2️⃣ Set Passcode – Encouraging strong but memorable passwords.
3️⃣ Enable Biometrics – Optional step for quick but secure access.
4️⃣ Two-Factor Authentication (2FA) – Seamless integration without disrupting user flow.

These steps ensure that users progressively enhance security while maintaining a smooth onboarding experience.

‍

‍

Final Design Highlights

✔ Step-by-step authentication makes security setup seamless.
✔ Flexible biometric and passcode options provide personalized security.
✔ Streamlined security updates make managing protection intuitive.
✔ Improved password recovery reduces friction for locked-out users.

‍

‍

Design Outcome

We didn’t just aim to add security—we designed a secure experience that felt intuitive, empowering, and human. Each feature we implemented had a specific purpose to solve real user pain points and enhance trust in the app. Here’s how the final solution delivered:

Live Password Criteria

Why we did it: Many users were confused by vague password requirements, leading to frustration or weak security.
What we designed: Live password feedback as the user types.
Show/hide password toggle.
Impact: Increased signup success and encouraged stronger passwords.

‍

Biometric Login Options

Why we did it: Users wanted faster, secure access to the app—without typing passwords every time.
What we designed: Support for Face ID, Touch ID, and Fingerprint authentication. Users can enable these for faster login or skip and stick with passcode only.
Impact: Gave users flexibility while meeting industry security standards for biometric login.

6-Digit App Passcode

Why we did it: To ensure users had a fallback if biometrics failed or weren’t enabled.
What we designed: A simple, secure 6-digit code creation during onboarding.
The app can be unlocked using this passcode anytime.
Impact: Ensured all users—regardless of device support—have a reliable way to log in.

‍

Fail-Safe Lockout Flows

Why we did it: Brute force attacks and shared device risks required guardrails.
What we designed: App lockout after 3 failed passcode attempts (30 minutes).
Option to reset unlock method using account password.
Impact: Reduced attack surface while giving legitimate users a way back in.

Adaptive Security Settings

Why we did it: Power users needed more visibility and control over their security setup.
What we designed: A dynamic security settings menu that adjusts based on enabled features.
Controls to disable biometrics, update passcode, or manage recovery options.
Impact: Reduced reliance on support and empowered users to manage their own safety.

Two-Factor Authentication (2FA) with Recovery Codes

Why we did it: Users needed protection from unauthorized access—but also needed a way to recover their accounts if they lost their phone.
What we designed: A seamless 2FA setup using QR or manual key entry.
Smart recovery codes are issued post-setup with warnings and clear next steps.
Users can verify their identity to request new recovery codes.
Impact: Balanced security and peace of mind—without causing account lockout stress.

‍

Final Thought

This project demonstrates how user experience and security can coexist. By focusing on clear guidance, flexible security options, and frictionless authentication, we’ve created a system that protects users while keeping the experience smooth.

‍