Skills

Stakeholder management
Navigating ambiguity
Customer research
User research
Affinity diagramming
Wire framing
Prototyping
Interaction design
UI design
Data

Overview

Duo Security is a leading multi-factor authentication (MFA) solution that helps organizations protect against unauthorized access by requiring users to verify their identity using multiple methods, like a Duo Push notification on their mobile device, before granting access to applications.

The Universal Prompt (UP) is Duo’s latest and most significant redesign effort, aimed at making the authentication process easier, faster, and more secure. This new design introduces the "auto-selection" feature, which automatically selects and prompts users with an authentication method during login, streamlining the process.

While this feature works well for most users, some customers managing shared accounts found it problematic. The auto-selection could mistakenly send a Duo Push notification to the wrong user, increasing the risk of unauthorized access. Additionally, there was no option for these users to modify this behavior.

To address this, we introduced a user-level configuration in the final product. This allows customers to disable auto-selection, ensuring that users are presented with a list of authentication options instead.

As of August 2024, this feature has been adopted by approximately 10,000 customers and 240,000 users.

My Contribution

As the lead designer for the project, I collaborated with the product manager and engineering lead to define the problem, refine user stories, and prioritize the most impactful issues.

I was responsible for overseeing customer research, user research, and the design iterations of the solution.


Platform

Web design

Team

Engineering shepherd
Product manager
Design advisor
Accessibility expert

Duration

March - June 2023

Background

"If someone is trying to log into a shared account, the push will go to the wrong person who didn't initiate the push. There's no way to shut it off." - customer

The Universal Prompt (UP) is Duo Security’s most extensive redesign effort, focused on enhancing the user experience by making authentication easier, faster, and more secure. Duo Security is a leading multi-factor authentication (MFA) solution that helps organizations protect against unauthorized access by requiring users to verify their identity using multiple methods, such as a Duo Push notification on their mobile device, before granting access to applications.

A key improvement in the Universal Prompt is the “auto-selection” feature, which automatically selects and prompts users with their primary authentication method during login. This feature has been well-received; findings from private previews show that it was a top cause of positive sentiment regarding the Universal Prompt. Our research also revealed that users typically rely on one main authentication method, further validating the feature’s effectiveness.

However, some customers, particularly those with shared accounts, requested the ability to disable auto-selection. They faced issues where the feature could prompt the wrong user, increasing the risk of unauthorized Push approvals. Other scenarios, described below, further complicate both the problem and the solution.

Given the team’s priority to deprecate the old Prompt, we recognized the need to understand customer pain points deeply and design a scalable solution that would address these issues while facilitating a smooth transition to the new system. The project’s goal was to resolve the core issues with auto-selection without introducing new friction for the majority of users.

Problem

How might we provide customers (admins) the auto-selection configuration they need without introducing new friction to the majority of our users?

Customers have expressed a desire to disable or configure the auto-selection feature. Key pain points include: 1) incorrect users receiving a Duo Push in shared accounts, 2) users being prompted with a method they can't use on a new device, and 3) receiving authentication requests from background applications.

While auto-selection generally benefits most users, it is not effective in every scenario. To address these issues, we needed to determine which pain points are most critical to customers and whether they can be resolved through experience changes rather than engineering solutions. It was also important to assess whether a single solution is sufficient or whether a more targeted approach is needed.

Our goal was to thoroughly understand the main pain points customers face and answer: how might we provide customers the auto-selection configuration they need without introducing new friction to the majority of our users?



Process

DISCOVER
DEFINE
DEVELOP
DELIVER
• Context gathering
• Learning about the prompt
• Customer requests analysis
• Project scoping
• User flow
• Concept development & testing
• Customer interview and analysis
• Feasibility review

• Design & iterate
• Usability testing
• Data inquiry
• Prototyping
• Designer & stakeholder reviews
• Accessibility and content review
• Handoff
• Engineering implementation support

Context gathering & understanding the user stories

Auto-selection uses the presence of a LAM (last used authentication method) cookie to determine which method to auto-select and prompt the user with.

To fully grasp the issues with auto-selection, it's essential to understand how the Universal Prompt works and the root causes of the user stories outlined in the Product Requirements Document (PRD).

In collaboration with engineers, I learned that the Universal Prompt uses a cookie called LAM (last used authentication method) to determine what to auto-select during authentication. If a LAM cookie is present, Duo remembers the last method used and prompts it again. If absent, Duo prompts the most secure available method.

This understanding clarified the user stories in the PRD:
1) Account sharing: Duo Push is sent to the wrong user when no LAM cookie is available.
2) New device: Users are prompted with an unusable registered option when no LAM cookie is available.
3) Background auth: Users receive random Push notifications when an application opens in the background, regardless of the LAM cookie.
4) LAM cannot be overridden: Users are stuck with a less secure method despite registering a more secure one when a LAM cookie is present.

Breaking down these stories revealed distinct root issues, prompting us to reconsider whether to address them all with a single solution or to narrow the project's scope.

Scoping the project & customer request analysis

Through customer feature requests to configure or disable auto-selection, we discovered that account sharing was the main pain point mentioned.

Challenging and Redefining the Scope
Recognizing the project's broad scope, I led the team (product and engineering) to align on the next steps. Through brainstorming sessions, we determined that the issues needed to be addressed separately. Instead of creating a single solution for all user stories, we decided to narrow the scope, identify the core pain point, and validate our concept.

By analyzing the 40+ feature requests from Aha!, I found that the main pain point was account sharing, which allowed the team to focus on the shared account scenario.

Ideating concept

What should the experience be? Should this be a customer facing configuration, or user facing?


Ideating With Cross-Functional Team
With the main pain point identified, I started brainstorming: (1) What should the user experience be? (2) What levels of configuration are needed? (3) Should this be customer-facing or user-facing?

Through discussions with product, engineering, and design partners, we aligned on core concepts based on complexity, feasibility, potential user disruption, and the likelihood of solving the problem.

Concepts to Validate
The discussion and ideation sessions resulted in two main concepts to test and validate with customers, helping us understand their configuration expectations. Concept A auto-selects a method but delays the request until the user presses the send button. Concept B sends the user directly to the list of options.

Concept test with customers

What motivates customers to want to disable or configure auto-selection for Universal Prompt? Does our concept solve customer's concerns with auto selection?

The research questions were:
1) What motivates customers and users to disable or configure auto-selection for the Universal Prompt, and how does the shared account scenario fit in?
2) In what use cases does auto-selection create more friction for users?
3) Does our concept address customer concerns with auto-selection?
4) How would customers expect to disable or configure this feature?

Research findings

"In the real world, there has to be shared accounts. Vendor charges a high licensing fee for multiple accounts" - customer

Key Insight #1: Customers Are Primarily Concerned with Shared Accounts
Customer interviews confirmed that the main issue with auto-selection stems from shared accounts, where Duo Push is sent to the wrong user (when no cookie is remembered). This prevents customers from migrating to the Universal Prompt, as shared accounts are often unavoidable. The auto-selected Push behavior raises security concerns, increases admin overhead, and confuses users.

Key Insight #2: Customers Prefer Letting Users Choose from a List of Options
While both concepts address the problem, Concept A received negative feedback due to concerns about users missing the selected mobile device and about the extra click required.

Key Insight #3: Customers Want Control and Visibility Over the Experience
Customers expressed a desire to control the experience while empowering users with the flexibility to choose, reducing admin overhead.

Design iteration

User-level configuration that allows customers to disable the Universal Prompt's auto-selection feature and present users with a list of authentication options instead.

Through customer interviews, we made two main design decisions: keep the control with the customer but apply it at the user level, and take users directly to "Select an option".

Key Design Decision #1: Customer Control at the User Level
Customer interviews revealed that customers wanted both the ability to configure the setting themselves and the ability to give their users options. Given how infrequent shared accounts are, and how few requests asked to disable auto-selection purely for individual preference, the team decided to keep the configuration in the customer's (admin's) hands, applied per user account, rather than exposing a self-service toggle to end users. This reduces engineering effort while allowing us to monitor whether demand for end-user control arises.

Key Design Decision #2: Taking Users Directly to "Select an Option"
Concept B, which immediately takes users to "select an option," was well received by customers and effectively addresses the main issue of auto-selection for shared accounts. In contrast, Concept A risks missing device information, potentially sending the Push to the wrong device, and requires additional clicks.
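The following is an added illustrative model of the behaviour described in this case study; it is not Duo's code, and the method ranking, the cookie shape, and the account and device data are all constructed for the example. It shows why, when no LAM cookie is present, the "most secure available method" rule can send a Push to a device that belongs to someone other than the person at the keyboard on a shared account, why a present LAM cookie pins the user to a weaker method, and how a per-user "auto-selection disabled" setting (the final design) replaces the automatic prompt with the option list.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed security ordering for the model (higher = treated as more secure).
# This is an assumption for illustration, not Duo's actual ranking.
METHOD_RANK = {"sms": 1, "phone_call": 2, "push": 3, "webauthn": 4}


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str                 # who physically holds the device (constructed)
    methods: Tuple[str, ...]   # methods this device supports


@dataclass
class UserAccount:
    username: str
    devices: List[Device] = field(default_factory=list)
    auto_select_disabled: bool = False   # the per-user setting the project introduced


# A LAM cookie is modelled as (device_id, method); the real cookie format is not
# described on the page, so this shape is an assumption.
LamCookie = Tuple[str, str]


def options_for(account: UserAccount) -> List[Tuple[Device, str]]:
    """Flatten enrolled devices into the (device, method) pairs the
    'Select an option' screen would list."""
    return [(d, m) for d in account.devices for m in d.methods]


def decide_prompt(account: UserAccount, lam_cookie: Optional[LamCookie] = None):
    """Model of auto-selection.

    Returns ("list", options) when the user is shown the option list, or
    ("auto", device, method) when a method is selected and sent immediately.
    """
    options = options_for(account)
    if account.auto_select_disabled:
        # Final design: skip auto-selection entirely, show the list.
        return ("list", options)
    if lam_cookie is not None:
        # LAM present: repeat the last used method, even if a stronger one
        # has been enrolled since (user story 4).
        for device, method in options:
            if (device.device_id, method) == lam_cookie:
                return ("auto", device, method)
    # LAM absent (new browser, cleared cookies, a different machine):
    # pick the most secure method; ties resolve by enrollment order.
    device, method = max(options, key=lambda dm: METHOD_RANK[dm[1]])
    return ("auto", device, method)


def prompt_reached_wrong_person(result, person_at_keyboard: str) -> bool:
    """True when an auto-selected prompt was sent to a device that the
    person actually logging in does not hold (the shared-account failure)."""
    if result[0] != "auto":
        return False
    return result[1].owner != person_at_keyboard


if __name__ == "__main__":
    # Constructed shared account: two staff members each enrolled a phone.
    helpdesk = UserAccount("helpdesk", [
        Device("phone-1", "alice", ("push", "sms")),
        Device("phone-2", "bob", ("push", "sms")),
    ])
    r = decide_prompt(helpdesk)               # no LAM cookie on Bob's machine
    print(r[0], r[1].owner, r[2])             # Push goes to Alice's phone
    print(prompt_reached_wrong_person(r, "bob"))
    helpdesk.auto_select_disabled = True
    print(decide_prompt(helpdesk)[0])         # Bob now picks from the list
```

The first call reproduces the customer complaint: Bob is logging in, nothing ties his browser to his phone, and the ranking picks Alice's Push. Disabling auto-selection for that account is the only change needed to route Bob to the list, which is why the setting was kept per user rather than global.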


Additional design & user testing

"Very concerning with the other options screen. With 30 phones, we have 90 options (phone, text, push). This will absolutely not be acceptable" - customer

During customer interviews, we uncovered an additional pain point for customers with shared accounts: the lengthy list of options they encounter. As a result, we added a further phase to the project to explore ways of improving this experience.

Design explorations

We explored a few variations of the filter experience: a standard dropdown, search functionality, and drill-down, and ultimately decided to test the first two. They require the least engineering effort while still improving the experience, which matters because few users will ever see a long list.

As part of the design exploration, we also analyzed data on how often users encounter a long list of options. We found that most users have at most two devices. Combined with our team’s discussion that a filter view requires minimal engineering effort while addressing the issue of finding the right device, we decided to test the options with our users.

98.43% of users have at most 2 devices enrolled.

Research Questions:
1) When do users find having a filter efficient? At what number of options does a filter become useful?
2) Is the current filter experience sufficient, or would adding a "search" feature improve it?

Key Design Decisions:
The filter significantly saves users time and effort, reduces mistakes, and generally received positive feedback. Most users did not find an additional search feature necessary. We also found that users find the filter increasingly helpful as the number of options grows. Based on this, and on Miller’s Law (about seven items being the practical limit for a scannable list), we decided to display the filter bar when there are more than 7 options. This approach was reviewed for content and accessibility, leading to our final design:

"[Filter] you almost know exactly where you are clicking on. There's less room for mistake for it to go to somewhere else. [Search] To me typing provides room for error." - user

Solution & impact

A user-level configuration that enables customers to disable the auto-selection feature of the Universal Prompt and instead present users with a list of authentication options.

As of August 2024, this feature has been adopted by approximately 10,000 customers and 240,000 users. Follow-up surveys show that about 80% of participants (n=56) feel the new feature effectively addresses their pain points with auto-selection.