Northern Trust
Implementing Multi-Factor Authentication
The Business
Northern Trust is a global financial institution that provides asset servicing, investment management, and wealth management services for institutions, high-net-worth individuals, and families. With more than 23,000 employees around the globe, the bank manages more than $1.3 trillion in assets for its clients.
The Ask
The bank was facing increasing security concerns and regulatory requirements.
The Head of Experience Design tasked me with designing and building a customized flow for enrolling users into and installing up to six third-party MFA applications per user (such as Okta or Google Authenticator) at login.
My Role
As the Lead Product Designer, I needed to create and implement a user-friendly Multi-Factor Authentication (MFA) process that met stringent security requirements while supporting legacy applications and tech infrastructures, minimized user friction, and maintained a seamless login experience, all within an ambiguous “should have been done yesterday” timeline.
Team included:
• Director of Security Architecture
• Product Manager
• 6 Developers
• 3 Software Quality Engineers
• Scrum Master
Planning & Research
I kicked off the project by starting with comparative research to see how other financial institutions were handling their two-step verification, and what Northern Trust’s customers’ expectations might be after being notified that multi-factor authentication would be required to access their accounts.
I also engaged Product Owners and members of the Customer Support Help Center for one-on-one interviews to collect any undocumented requirements and attempt to understand how the upcoming changes to the bank’s applications may be received by their customers and hear any concerns they might have.
Wireframes
I planned a user flow modeled on the out-of-the-box experiences of the industry-leading MFA applications that users were likely to be familiar with – while including the bank’s specific requirements.
Testing & Rapid Prototyping
There were a lot of questions and concerns about the goals of the projects being put forward by the team and Product Owners - which motivated me to put this into testing ASAP. By using Figma and taking advantage of Northern Trust’s existing design system, I was able to quickly develop a clickable prototype consistent with the bank’s branding.
Testing Results
I was able to run multiple rounds of testing using an end-to-end clickable prototype. Users were guided through the enrollment and activation process by a moderator and interviewed before, during, and upon completion about their feelings around the language, design, and personal expectations of the MFA process.
What I heard the most
“Why am I making this choice? You’re the experts.”
And Confirmed
• Be Concise: Keep copy sparse and well edited so users aren’t overwhelmed by too much information
• Be Consistent: Align language across web & digital devices to create a consistent experience
• Be Distinguishable: Allow users to confidently take action by clearly distinguishing between copy and clickable content
• Be Streamlined: Ensure required user actions (primary CTAs) are as streamlined and simple as possible
• Be Manageable: Ensure the number of user choices is a manageable amount to avoid inundating users with too many options
• Be Informative: When asking users to make a decision, ensure they have the information they need to make an informed choice
• Be Learnable: Use parallel construction across pages to assist with learnability
Followup Questions
• 91%: Did this look and feel like Northern Trust?
• 46%: Was two-step verification quick and easy to enroll in?
• 57%: Are you confident that you would correctly enroll in two-step verification again if you had to?
• 84%: Does two-step verification increase your confidence that your data is protected?
• 32%: Was this two-step verification experience similar to what you would expect to see outside of Northern Trust?