A Product Designer’s Guide to Modern Authentication Methods

Ellie Luo
5 min readJun 27, 2024

--

In today’s digital age, securing customer accounts is more critical than ever. With cyber threats on the rise, traditional methods like email and password are no longer sufficient. Did you know that over 80% of data breaches are due to weak or stolen passwords? As a product designer, understanding the various authentication methods available can help you create a secure yet user-friendly experience. Let’s explore the most effective ways to protect customer accounts and ensure peace of mind in the digital world.

1. Biometric Authentication (FaceID and TouchID)

Overview: Biometric authentication uses unique biological characteristics such as fingerprints (TouchID) or facial recognition (FaceID) to verify identity. This method is often used as an additional solution alongside traditional passwords and usernames to enhance security.

Biometric Authentication FaceID, source from Apple

Pros:

  • Extremely secure, as biometric data is unique to each individual.
  • Convenient and fast, enhancing the user experience.

Cons:

  • Requires compatible hardware, which may not be available on all devices.
  • Privacy concerns regarding the storage and use of biometric data.

Design Tips:

  • Ensure biometric data is stored securely and locally on the device.
  • Provide clear communication on how biometric data is used and protected.
  • Offer alternative authentication methods for users without compatible hardware.

2. Authentication via e-ID (e.g., BankID in Sweden)

Overview: e-ID authentication methods like BankID in Sweden use government-issued or bank-issued digital identities for secure verification. Each country has its own different e-ID methods, such as itsme in Belgium, providing a standardized and highly secure means of identity verification.

Authentication via e-ID (e.g., BankID in Sweden)

e-ID Providers by Country:

Sweden: BankID

Belgium: itsme

Norway: BankID Norway

Denmark: MitID

Finland: Finnish Trust Network (FTN)

Netherlands: Dutch iDIN

Pros:

  • Highly secure, leveraging trusted institutions.
  • Streamlines the verification process for services requiring high assurance levels.

Cons:

  • Limited to regions where e-ID systems are established.
  • Users must have an e-ID, which may not be universally available.

Design Tips:

  • Provide clear instructions on how to use e-ID for authentication.
  • Highlight the security and convenience benefits of e-ID.
  • Ensure compatibility with different e-ID systems where applicable.

3. Authentication via Mobile Operators

Overview: Authentication via mobile operators, often referred to as mobile identity, uses the user’s mobile number and operator’s infrastructure to verify identity. This method simplifies the authentication process to just one step for the customer.

Authentication via Mobile Operators, source from Twilio

Pros:

  • Utilizes existing infrastructure, potentially reducing the need for additional setup.
  • Can be very secure with proper implementation.

Cons:

  • Limited acceptance and adoption in some regions.
  • Dependence on mobile operators and potential for service interruptions.

Design Tips:

  • Work closely with mobile operators to ensure a seamless and secure user experience.
  • Educate users on how this method works and its security benefits.
  • Offer as an optional method alongside other authentication methods.

4. Authentication via Google

Overview: Google’s authentication services allow users to sign in using their Google account, leveraging Google’s robust security infrastructure.

Authentication via Google, source from mobot

Pros:

  • Simplifies the login process by reducing the need for multiple passwords.
  • Benefit from Google’s advanced security measures, including detection of suspicious activity.

Cons:

  • Reliance on a third-party provider may not be suitable for all users. There have been several severe service outages in the past. Do you still remember them? The last one I remember was in 2020, when a large service outage lasted for 2 hours globally.
  • Users must trust Google with their account data.

Design Tips:

  • Highlight the security benefits and ease of use to users.
  • Ensure clear communication on data sharing and privacy implications.
  • Provide alternative methods for users uncomfortable with third-party authentication.

5. Authentication App

Overview: Authentication apps like Google Authenticator generate time-based OTPs (TOTP) that users enter to verify their identity.

Authentication App, pic source from Databox

Pros:

  • Highly secure as codes are generated on the user’s device.
  • Not reliant on SMS or email channels, reducing interception risks.

Cons:

  • Not as widely accepted, requiring users to install and set up an additional app.
  • Mostly used at the enterprise level to authenticate users (employees) and ensure enterprise data security.
  • Potentially confusing for less tech-savvy users.

Design Tips:

  • Provide easy-to-follow setup guides.
  • Educate users on the benefits and security enhancements.
  • Ensure seamless integration with the app for a smooth user experience.

6. One-Time Passcode (OTP) to Phone or Email

Overview: OTPs sent to a user’s phone or email add an extra layer of security. Users must enter the temporary code to complete the login process.

One-Time Passcode (OTP) to Phone or Email, pic source here

Pros:

  • More secure than password-only authentication.
  • Widely accepted and easy to understand.

Cons:

  • Dependent on users having access to their phone or email.
  • Can be intercepted if the communication channel is compromised.

Design Tips:

  • Ensure OTPs are time-sensitive to limit exposure.
  • Use SMS and email services with robust security measures.
  • Provide clear instructions on how to handle and enter OTPs.

7. Email and Password

Multifactor Authentication explained, pic source from here

Overview: Email and password combinations are the most traditional method of account protection. Users create a unique password tied to their email address to access their accounts.

Pros:

  • Familiar and easy to implement.
  • Universally accepted and understood by users.

Cons:

  • Not secure enough in the current threat landscape.
  • Susceptible to brute force attacks, phishing, and data breaches.
  • Many users employ weak or reused passwords, compromising security.

Design Tips:

  • Encourage the use of strong, unique passwords.
  • Implement features like password strength meters.
  • Provide options for password manager integration.
  • Promote the use of MFA by combining email/password with another authentication factor.

As technology evolves, so do the methods for securing digital accounts. From traditional email and password combinations to more advanced methods like e-ID authentication, each approach has its strengths and weaknesses. Offering a range of authentication options can cater to different user needs and preferences, enhancing both security and user experience. As a product designer, staying informed about the latest security trends and continuously refining the authentication process is crucial.

We always have weigh between the speed of authentication, the ease of use and geographical usage patterns of the authentication methods.

--

--

Ellie Luo

UX Designer based in Stockholm | UX writer | Love to connect designers from all over the world! ✨