🔐 Two-factor authentication

Solving for the ‘Verification’ problem

🧩 The problem

Two-factor authentication was a highly requested feature from customers, especially enterprise level accounts. Initially the team wanted the feature to be called “Multi-factor verification.”

This was a bit of a problem because SurveyMonkey already had 3 types of verification:

  • Device verification

  • Account email verification

  • Sender email verification

This was confusing both internally and externally, as all of these features required users to fetch a code or take an action before being able to log in.

I was hesitant to add another type of ‘verification’ to the product lexicon. I suggested we go with ‘Multi-factor authentication (MFA)’ to at least cut back on the types of verification we talk about in the UI.

The other challenge was we were starting by only allowing verification via an authenticator app. Meaning we’d need people to have a secondary device when logging in with MFA. Since we already have a feature called ‘device verification’ this was going to be a challenge to ensure customers understand the difference.

💡The plan

We conducted user research on usertesting.com for an unmoderated A/B prototype test.

Our goals were:

  • Gauging familiarity with the term ‘multi-factor authentication’

  • Checking for understanding around ‘authenticator app’ and ‘secondary device’

  • Ensuring the flow of information made sense to uses

Results surprised us! I was worried that people wouldn’t understand what an authenticator app was, but people who said they weren’t familiar with one before starting the flow were able to describe how they’d log in with one by the end of it. When asked about the term ‘multi-factor authentication’ people were familiar but naturally throughout the test, the majority of them kept saying ‘two-factor authentication’ so we decided to investigate that further.

From there I partnered with the marketing and SEO teams to get more data on which name we should call the feature. ‘Two-factor authentication’ was the winner!

🧠 My role

I worked closely with the research team on the questions + messaging in the prototypes. I did a terminology audit to find all the places we were using the same words like “device” and “verification”. From there I partnered with the marketing and SEO teams to get more data on which name we should call the feature.

This feature was unique in that we were leveraging a third-party product to integrate into SurveyMonkey rather than designing and building it ourselves. So I had to work closely with engineering to understand what layouts were possible and to ensure the variables they saw in the third-party app corresponded to the right front end copy.

I also lead design/copy QA to ensure everything made it to the final customer facing flow.

✍️ My process

Feature glossaries to help Help Center, Marketing, and fellow Content Designers write about verification:

Map of customer journey through verifying in SurveyMonkey:

Some 2FA screens:

💥 The Impact

This project brought to light how messy and time consuming it is for customers to verify their identity in SurveyMonkey. We were able to prioritize a few more product updates to make it a smoother, more clear, experience to keep your account safe:

  • Allowing customers to verify their email at sign-up, rather than in the middle of their survey sending process.

  • Redesigning the ‘account verification’ flow to not require fetching a code.

  • Launched a project to rename account verification to further reduce confusion.