Passkey & 2FA Verification Redesign
Introduced passwordless passkey authentication — reducing login time by 40%.
Led a comprehensive redesign of WOO X's authentication system, integrating Passkey technology alongside traditional 2FA methods. The initiative reduced login friction by 35% while maintaining enterprise-grade security — and demonstrated that security and convenience are not mutually exclusive.
Role & responsibilities
User Research
Investigated authentication abandonment patterns and identified that SMS-based 2FA was the primary drop-off point.
Cross-Platform Architecture
Architected consistent Passkey + 2FA experiences across iOS, Android, and desktop Web.
UX & UI Design
Designed wireframes and high-fidelity UI for all authentication states including fallback flows.
A/B Testing
Ran A/B test comparing 'Opt-in' vs 'Enabled by Default' Passkey enrollment — the latter won significantly.
What we set out to achieve
Reduce Login Friction
Streamline verification journeys by eliminating redundant steps — target: measurable drop in login abandonment.
Bridge Passkey & 2FA
Design intuitive interfaces that make Passkey feel natural to users unfamiliar with the technology.
Universal Access
Ensure every user can authenticate regardless of device capability — seamless fallback to Email OTP.
Security Confidence
Revamp security management interfaces so users understand and trust their authentication setup.
Understanding the landscape
Key Findings
- Traditional SMS 2FA caused login abandonment due to delayed codes and device loss — a common pain point in user research.
- SMS-based approaches remain vulnerable to SIM-swapping attacks — a real risk for crypto users.
- Integrating Passkey required handling edge cases: cross-device sync, browser compatibility, and fallback logic for unsupported devices.
Design decisions
Branching Authentication Logic
Different entry paths for different user segments — new users receive Passkey promotion, existing users choose their preference, unsupported devices automatically fall back to Email OTP.
- New users: Passkey-first onboarding with clear benefit explanation.
- Existing users: Choice-respecting upgrade prompt, not a forced migration.
- Unsupported devices: Automatic Email OTP + password fallback — no dead ends.

Security Dashboard
A redesigned settings page with security score display, verification status overview, simplified activation flows, and device management — giving users full visibility and control.
- Security Score: Visual indicator of account protection level.
- Device management: View all Passkeys with device name, type, and last-used timestamp.
- Sync status: Clear indication of which devices have Passkey enabled.

Passkey Management Flow
Users can create multiple Passkeys, view device details and timestamps, and delete unused credentials — with safeguards preventing accidental account lockout.
- Multi-device support: Add Passkeys for phone, laptop, and backup device.
- Lockout prevention: Cannot delete last remaining authentication method.
- A/B test winner: 'Enabled by Default + Clearly Explained Benefits' outperformed opt-in by 2.3×.
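The branching logic and the lockout safeguard described above can be sketched as follows. This is an added example, not WOO X code: the function names, flow labels and account record shape are assumptions, and the only real API used is the browser's `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()`.

```javascript
// Added example: names and record shapes below are hypothetical, not WOO X code.

// Browser-side capability probe. `env` is the page's global object (window),
// passed in so the function can also be loaded outside a browser.
async function passkeySupported(env) {
  const pkc = env && env.PublicKeyCredential;
  if (!pkc || typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable !== "function") {
    return false;
  }
  try {
    return await pkc.isUserVerifyingPlatformAuthenticatorAvailable();
  } catch (err) {
    return false; // a failed probe must still lead to a usable flow
  }
}

// The three entry paths from the design: unsupported devices fall back first,
// so no user segment can reach a passkey screen the device cannot complete.
function chooseAuthFlow(user, supported) {
  if (!supported) return "email_otp_password";
  return user.isNew ? "passkey_onboarding" : "passkey_upgrade_prompt";
}

// Server-side lockout guard: refuse a deletion that would leave the account
// with no enabled method. Disabled methods do not count as a way back in.
function removeAuthMethod(account, methodId) {
  const target = account.methods.find((m) => m.id === methodId);
  if (!target) return { ok: false, reason: "not_found" };
  const remaining = account.methods.filter((m) => m !== target && m.enabled);
  if (remaining.length === 0) return { ok: false, reason: "last_method" };
  account.methods = account.methods.filter((m) => m !== target);
  return { ok: true, reason: null };
}

// Constructed sample account: two passkeys plus a disabled email OTP method.
function sampleAccount() {
  return {
    methods: [
      { id: "pk-phone", type: "passkey", enabled: true },
      { id: "pk-laptop", type: "passkey", enabled: true },
      { id: "otp-email", type: "email_otp", enabled: false },
    ],
  };
}
```

The guard belongs on the server as well as in the UI, since a disabled delete button alone does not stop a direct API request.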

