top of page

Project: Schwab Next Generation Online Authentication

THE BACKGROUND

In 2018, I led the UX design efforts for Schwab’s Next Generation Authentication (NGA), part of an online security initiative aiming to provide secure, streamlined access to user accounts. Our team’s purpose was to strengthen Schwab’s authentication while enhancing user experience, a necessity given evolving cybersecurity threats and limitations of passwords as a security method.

Anchor 2

THE CHALLENGE

“Passwords alone won’t be enough in the future”

Today, many users rely on passwords for primary authentication, but research shows this approach is increasingly insufficient. Passwords alone lead to a poor client experience and foster unsafe behaviors.

“Attackers are evolving rapidly”

Cyber threats are escalating, and traditional methods are becoming inadequate. Here are some notable statistics highlighting the risks:

59%

of users forget their passwords 1-5 times a year.

55%

abandon login due to password or security question issues.

17%

still use “123456” as a password.

230,000

new malware samples emerge daily.

THE SOLUTIONS

As cyber threats evolved, so did our approach to keeping clients secure. It was clear that traditional passwords alone wouldn’t cut it, and we needed to expand our toolkit with more innovative, user-friendly authentication methods. We explored four main types:

  • Something You Know: Traditional methods like passwords, static PINs, and challenge questions.

  • Something You Have: Expanding with tokens, OTPs, and SMS verification.

  • Something You Are: Integrating biometrics such as fingerprints and facial recognition.

  • Something You Do: Monitoring unique behaviors like typing patterns or device handling.

Objectives

 

  • Reduce or eliminate reliance on passwords

 

  • Accelerate the delivery of the roadmap
     

  • Quickly add new & future authenticators
     

  • Balance security and experience
     

  • Add flexibility & rapid threat responsiveness

Plan

We started with the highest value features...

Chart.jpeg

... and identified three new authentication methods to work on next,

 

  • Embedded Token
     

  • Push–to–login
     

  • Scan–to–login (QR Code) 

ComingNext.jpeg

Vision Deck

VisionDeck.jpeg

Design Iterations

Task Flow

Flow2.jpeg

Wireframes

Wireframes.jpeg

Lo-fi Mockups

LoFi Mockups.jpeg

Redlines

Redlines.jpeg
bottom of page