Crypto-currency wallet

Enhance the app security

Unlock verification & Two-factor authentication

Scope of work

Research
Both user and competitor analyses were conducted to determine which security system is more suitable for the app.
UX
This involved the design of the entire process of acquiring and integrating the product, including aspects of branding, design usability, and function.
UI & Interaction
With a solid basis of UX findings, the visual part of the app, including its interactions, was designed and enhanced.
Job story & MVP
Create job stories for the product development with specific criteria requirements, and prioritize the job stories based on product knowledge.

Goal

The goal of the project: enhance the security layer of the mobile cryptocurrency wallet app by optimizing two-factor authentication and adding additional verification to app access.

Why did we start this project?

According to our research, users feel safer with more security layers on the wallet app, such as two-factor authentication and other types of verification, even though some actions then require more steps to finish.

Our current users do not have an issue with two-factor authentication. However, we receive many support requests about lost 2FA backup codes, so we decided to optimize the 2FA setup process.

What are the problems?

No unlock verification feature: anyone can open the app when the device is unlocked
Users do not save two-factor authentication recovery codes or do not know their importance

HMW & Affinity mapping

Enabling Two-factor authentication process on the sign up

Competitor analysis

Direct competitor’s app access & verification method
Where two-factor authentication occurs

User flow

The security updates affect the sign-up process, the main page (where users are introduced to what is new), settings, withdrawal, email change, password change, app unlock, and re-login.

Sign up

We improved the password input to help users understand the criteria better. We added a 6-digit passcode setup that is mandatory in the sign-up process. The user can enable biometrics after setting the passcode for faster access. The user sets the passcode first because it is the backup for biometrics in case they malfunction. Finally, we now inform users where recovery codes are used and let them copy the codes as text instead of writing them down.

Create account

A live password criteria list informs users as they enter a password, so they know while creating it whether the password meets the criteria.

Set app passcode

New users will set a 6-digit passcode when they sign up. The passcode is used to unlock the app securely whenever the user comes back after closing the app or after the session time has expired. We made the passcode a mandatory setup step before enabling biometrics. The passcode makes it possible to unlock the app when users can't use their preferred biometric because of an injury or because the sensor is unavailable or not working properly.

Enable biometric

After the passcode is set, we ask users whether they want to enable biometrics for faster app unlock. The biometric data is stored on the local device only. Since the app does not send any data to external devices or servers, this separation helps to stop potential attackers. We also made biometrics optional, for users who want faster access. Otherwise, the user can continue with the passcode unlock.

Enable Two-factor authentication

We had a high number of customer support requests for help retrieving recovery codes because users did not write them down or lost them. To reduce this friction, we decided to explain to users what these recovery codes do, and instead of asking them to write the codes down, we added a copy button so that users can paste them somewhere safe, such as a password manager app.

Main Home

We now prompt users on the main home page to update their security settings, to increase awareness.

Update security

Existing and new users will be informed that passcode and biometric unlock have been added to the app and that two-factor authentication is required for more actions. Users who have not updated their security settings will be notified on the main home screen to update them.

Security settings

The user can now manage all security-related setup in the security settings: login activity, two-factor authentication, passcode, and biometrics.

Manage security settings

The user can manage the login activity, two-factor authentication, passcode, and biometrics. This is where the user changes the account password, enables or disables two-factor authentication, requests recovery codes, sets or changes the passcode, and enables or disables biometrics.

Request recovery codes

Due to the high volume of customer support requests about how to retrieve recovery codes, users can now reveal their recovery codes with the two-factor authentication code (OTP) or unused recovery codes.

Unlock & lock


Unlock the app

Once the user has set up the passcode and biometrics, the user is required to unlock the app with these unlock features.

Lock the app

We allow users to try the passcode 3 times. After three failed attempts, the app is locked for 30 minutes.
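
The lock rule above (3 tries, then a 30-minute lock) can be sketched as a small state machine. This is an added example, not the app's own code; the class name, the PBKDF2 storage of the passcode, and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3        # from the page: three tries
LOCK_SECONDS = 30 * 60  # from the page: 30-minute lock


class PasscodeLock:
    """Hypothetical unlock gate; names and storage layout are assumptions."""

    def __init__(self, passcode: str):
        self.salt = os.urandom(16)
        self.digest = self._derive(passcode)
        self.failed = 0          # persist this, or an app restart resets the count
        self.locked_until = 0.0  # timestamp in seconds; 0 means not locked

    def _derive(self, passcode: str) -> bytes:
        # A 6-digit passcode has only 10**6 values, so the slow KDF just adds cost;
        # the attempt limit is what actually bounds guessing.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    def try_unlock(self, passcode: str, now: float) -> str:
        # `now` should come from a clock the user cannot reset via device settings.
        if now < self.locked_until:
            return "locked"  # reject without even checking the passcode
        if self.locked_until:
            self.failed, self.locked_until = 0, 0.0  # lock expired: fresh tries
        if hmac.compare_digest(self._derive(passcode), self.digest):
            self.failed = 0
            return "unlocked"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.locked_until = now + LOCK_SECONDS
            return "locked"
        return "wrong"


def demo() -> list:
    lock = PasscodeLock("482915")  # constructed sample passcode
    t = 1_000.0                    # constructed clock value, seconds
    return [
        lock.try_unlock("000000", t),
        lock.try_unlock("111111", t + 5),
        lock.try_unlock("222222", t + 10),                 # third failure: lock
        lock.try_unlock("482915", t + 60),                 # correct, still locked
        lock.try_unlock("482915", t + 10 + LOCK_SECONDS),  # lock has expired
    ]
```

The failure counter and lock timestamp are the state worth protecting: if either lives only in memory, force-closing the app gives unlimited tries.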