Illustration design
UI/UX design
Design iterations & critique
Accessibility considerations
Working with technical limitations
Duo Security is a leading provider of multi-factor authentication (MFA) solutions, helping organizations protect against unauthorized access by requiring users to verify their identity through multiple methods. Among these methods, Duo Push is the most popular, where users approve login attempts via a notification sent to their mobile device.
Despite its popularity, Duo Push becomes riskier because passwords are easily compromised, which puts two-factor authentication (2FA) at risk. One common attack vector is Push harassment, where attackers flood users with constant Push notifications (Push bombing), hoping that users will mistakenly approve a malicious request out of annoyance. This has led to real-life account compromises, as users become more susceptible to Push fatigue and social engineering.
Although Verified Push provides added security by requiring users to input a code, this method introduces friction, conflicting with our goal of making authentication as seamless as possible. Our challenge is to enhance Push security while maintaining a smooth user experience.
To address this, we developed an improved Push denial experience: when a user denies a Push notification and marks it as fraudulent, their notifications are muted for 20 minutes. This approach strengthens security against attackers while preserving a frictionless authentication process.
This improved experience is now the default setting for all new customers and is currently protecting thousands of users daily.
Led the project from illustration design to UI and content revamp, collaborating with the Product Manager on implementation and engineers on feasibility. Worked with accessibility, security, and content experts to meet all requirements.
Design advisor Blair provided ongoing feedback and created the video artifacts featured in the project space.
Mobile (iOS/Android)
2 Engineer shepherds (iOS/Android)
1 Product manager
1 Design advisor
Accessibility expert
Content designer
App security team
Jan - March 2023
"Push harassment is a known issue. It just takes one user to fall for the attack for our environment to get compromised. We need a stronger solution" - customer
Duo Security provides multi-factor authentication (MFA) solutions that help organizations protect access to their systems by requiring users to verify their identity through multiple methods. One popular method is Duo Push, where users approve login attempts through a notification sent to their mobile device.
Push harassment is a known issue where easily compromised passwords put two-factor authentication (2FA) at risk. Since Duo Push is our most popular method for verifying identities, it's crucial to strengthen its security to protect users from attacks.
In these attacks, called Push bombing, attackers send numerous Push notifications to a user, hoping that the user will eventually approve one by mistake out of frustration. This can lead to Push fatigue, making users more vulnerable to social engineering scams.
Customers have reported Push harassment as a significant problem, with real-life examples showing how attackers exploit this weakness. While Verified Duo Push, which requires entering a code, improves security, it adds extra steps, conflicting with our goal of providing a frictionless authentication experience.
We need to enhance the security of Duo Push while maintaining a smooth and easy user experience.
How might we ensure frictionless authentication for users while still protecting them from Push harassment and fatigue?
video credit to Blair
As mentioned above, users struggle with Push harassment, often receiving repeated Duo Pushes at inconvenient times, such as while sleeping. There have been real-life examples where the distress caused users to approve the Push to avoid further discomfort, inadvertently granting attackers access.
How might we ensure frictionless authentication for Lee while protecting them from Push harassment and fatigue?
With the evolving attack vectors, the goal was to ship as soon as possible and measure effectiveness. The process therefore relied on internal feedback to bring the product to life quickly. The project was given 6 sprints, from design to implementation, which meant keeping the design process lean while weighing technical constraints and engineering lift throughout.
User initiated muting leads to the least engineering lift, while providing users information and control over their experience
Comparative Analysis & Approach Ideation
To develop a muting mechanism for our product, I began by examining similar features on other platforms. The analysis revealed common design patterns, including muting for a set duration, muting at the system or application level, and scheduled muting.
This led me to design several approaches:
1) Server-initiated muting triggered by signals
2) User-initiated muting based on active decisions
3) OS-level muting.
Engineering Feedback
I presented the different approaches to the engineers and collected feedback on their pros, cons, and potential concerns. This feedback helped us refine our concept, leading us to choose user-initiated muting as it requires the least engineering effort while giving users the most control over their experience.
Design Jam
After selecting the approach, I collaborated with designer Jake to develop several design variations:
1) Offering a mute option after the user marks it as fraudulent
2) Immediately muting after marking as fraudulent
3) Immediately muting after marking as fraudulent but allowing the option to unpause the notification.
Academic Research
After evaluating the pros and cons of these options, we chose not to provide an option to unmute once the user marks a Push as fraudulent. This decision was influenced by "The Power of Default," which suggests that people are likely to stick with default settings. By selecting the default for the user, we reduce their decision-making burden and simplify their experience.
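To make the chosen behaviour concrete, here is an added simulation of the user-initiated mute as a server-side policy. It is illustrative code written for this page, not Duo's implementation; it assumes a single constructed user "lee", constructed timestamps, and the 20-minute window stated above, and it deliberately exposes no unmute call.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

MUTE_WINDOW = timedelta(minutes=20)  # the duration stated in the case study


class PushMutePolicy:
    """Hypothetical server-side model of the user-initiated mute (not Duo's
    code): once a user denies a Push and marks it fraudulent, further Pushes
    to that user are held for MUTE_WINDOW. There is deliberately no unmute
    method, matching the 'no option to unmute' decision on the page."""

    def __init__(self) -> None:
        self.muted_until: Dict[str, datetime] = {}
        self.suppressed: List[Tuple[str, datetime]] = []  # audit trail

    def report_fraud(self, user_id: str, now: datetime) -> datetime:
        # The user's active decision starts the mute window immediately.
        self.muted_until[user_id] = now + MUTE_WINDOW
        return self.muted_until[user_id]

    def is_muted(self, user_id: str, now: datetime) -> bool:
        until = self.muted_until.get(user_id)
        return until is not None and now < until

    def request_push(self, user_id: str, now: datetime) -> bool:
        """True if the Push would be delivered, False if it is suppressed."""
        if self.is_muted(user_id, now):
            # Suppressed attempts are still logged: a burst of them during a
            # mute window is what a security team reviews for Push bombing.
            self.suppressed.append((user_id, now))
            return False
        return True


def simulate(events: List[Tuple[int, str]]) -> Tuple[List[bool], int]:
    """Replay (minute_offset, 'push' | 'fraud') events for one constructed
    user and return the delivery decisions plus the suppressed count."""
    policy = PushMutePolicy()
    t0 = datetime(2023, 3, 1, 2, 0, tzinfo=timezone.utc)  # constructed start
    decisions = []
    for minute, event in events:
        now = t0 + timedelta(minutes=minute)
        if event == "fraud":
            policy.report_fraud("lee", now)
        else:
            decisions.append(policy.request_push("lee", now))
    return decisions, len(policy.suppressed)
```

Replaying a Push-bombing burst through `simulate` shows the first Push delivered, everything inside the 20-minute window suppressed and logged, and delivery resuming at the 20-minute mark without any action from the user.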
Design iterations: illustration, icon choice, and color
In addition to refining the Muted Push user experience, we also focused on enhancing the illustrations to better communicate the experience. The previous illustration failed to effectively convey the muting concept. I explored several variations below, focusing on the illustration, icon choice and placement, along with color combinations using our illustration styling guide.
Final Design Review w/ Design Stakeholders & Accessibility Expert
The final option was reviewed with designers and chosen for its consistency with our typical mobile device display and icon placement in the top right corner. The highlighted notification reinforces the connection between the mute icon and the illustration’s focus. Lastly, the final color was chosen and reviewed by accessibility experts to ensure compliance with guidelines.
Before and after shown below
An improved Push denial experience where, after a user denies and marks a Push as fraudulent, their notifications are muted for 20 minutes.
video credit to Blair
This experience is now the default setting for all new customers, and is protecting thousands of users daily.