Multi-Factor Authentication
After a spike in online fraud, several account features had to be disabled. We needed to reintroduce security through MFA—without blocking access for customers with outdated contact info.
My role
Lead UX/UI Designer
Company
C Spire
Team
Business Owners, Project Managers, Cybersecurity Experts, Data Analysts, Usability Tester, Developers, QA Testers
The Challenge
After a rise in fraud, several customer-facing features were shut down. MFA became critical — but we needed to roll it out carefully. Most customers were logging in just to pay their bill, so we couldn’t afford to block that action with unnecessary friction.
Key Goals:
- Add MFA via text or email
- Keep the process simple and familiar
- Avoid locking out real customers
- Restore previously disabled features — securely
- Preserve easy access to bill payment
Research
We started with data. Using click analytics, we learned that bill pay was the #1 reason customers logged into their account. That insight shaped everything.
To avoid disruption, we introduced a new path:
A button to skip MFA was added that routes users directly to Express Pay, where they could pay their bill without logging in.
- Reviewed how competitors implement MFA
- Used Baymard best practices
- Analyzed login behavior from internal data
Key Insight: Familiarity = trust. Anything unfamiliar caused hesitation.

Design
I created a high-fidelity Figma comp to walk stakeholders through the experience:
- User logs in
- Receives a one-time code via preferred method (text or email)
- Has the option to “remember this device”
- Option to bypass login with Express Pay
Key feedback + iterations:
- Business owners prioritized user choice between SMS or email
- Cybersecurity flagged the need to remove code-length hints
- Developers identified a major blocker: customers couldn’t update their email or phone number on file — risking permanent lockout
To address this, we adjusted comps, prioritized accessibility, and moved into user testing while leadership assessed development feasibility.


Testing
We ran mobile usability tests on the new flow. Here's what we learned:
- Flow was instantly understood
- Express Pay option was clear and appreciated
- Email/text choice was appreciated
- Felt secure and easy
- No confusion or drop-offs
Outcome
The project passed testing but was paused. The core issue—users couldn’t update their contact info—posed too big a risk for rollout.
Next Step: Wait for backend updates to allow contact info changes.