Experience Designer & Accessibility Champion
FIDO: Designing a More Secure and Effortless Login Experience
(Passwordless authentication within SSO)

My Role
Leading UX Designer

Team
Product Manager, Architect, Developers, UX Manager, Information Development

Status
In development
Glossary
FIDO
An alliance/standard (rulebook) that says “here’s how to log in without passwords safely.”
FIDO2
The updated version that most modern browsers/devices use.
WebAuthn
The browser-side tech that websites use to talk to your device (the lock and key handshake).
Authenticator
The thing that proves it’s you (phone, laptop secure chip, YubiKey, Touch ID, Face ID).
Passkey
A FIDO login stored on your device (or synced in iCloud, Google Password Manager, etc.). It’s the consumer-friendly name for “FIDO credential.”
The Problem
Our support teams were receiving a high volume of calls from users struggling to recover their accounts due to issues with two-factor authentication (2FA) and forgotten passwords. The existing recovery experience was inconsistent and time-consuming, creating frustration for users and internal teams alike.
Hypothesis
By exploring passwordless authentication methods within our internal single sign-on (SSO), we could:
- Strengthen security and compliance
- Reduce cognitive load during login
- Decrease support requests for 2FA and password resets
- Provide users with additional, reliable recovery routes
Discovery
Workshop
The project began with a discovery workshop I helped plan and facilitate alongside the PM and architect.
Together, we:
- Agreed on the problem definition and project scope
- Gathered relevant documentation and stakeholder input
- Negotiated realistic timelines (after initially being asked to deliver designs in just two weeks)
We identified both opportunities and risks early:
- Opportunities: Stronger security, faster login, improved usability
- Risks: Limited recovery routes increasing IT tickets; unknown FIDO2 issues
- Mitigations: Defined clear recovery paths and created a monitoring process to flag potential usability risks early
Competitive Audit
I conducted competitive audits of similar authentication systems and reviewed our internal SSO flows to understand current pain points.
Throughout the process, I ran multiple alignment meetings and workshops to ensure shared understanding between design, architecture, and development.
Constraints
One of the biggest challenges was technical constraints.
Our current SSO is built on basic HTML, and adding a secure “Manage Passkeys” page directly within it would compromise both the look and perceived trustworthiness of the experience.
We opted to build the new page with our design system and its components, and to use redirection between the SSO and the new page.
Solution
To maintain a seamless yet secure user experience, I proposed creating the new management page using our Design System, and connecting it to the legacy SSO via redirects.
This approach allowed us to preserve a consistent visual experience and uphold accessibility and security standards.
The design revamp included:
- Updated SSO login and registration screens
- A new “Authentication Settings” page where users can manage MFA, passwords, and passkeys
- Flows for both new and existing users

For net-new users
During registration, users can choose between traditional password + 2FA or a passwordless setup.

For existing users
Once logged in, users can access the new “Authentication Settings” page via their account menu. The page will be marked as new to improve discoverability and adoption.
Delivery
I analysed use cases provided by the PM and created additional ones during the workshops.
Based on the architect’s technical flow diagrams, I mapped missing states and screens, ensuring every authentication path was accounted for.
Since this was a proof-of-concept project, the PM limited cross-team involvement to reduce complexity. This meant prioritising designs that could demonstrate feasibility without depending on full-scale implementation.

Outcome
To deliver a seamless and secure user experience, I led the design of a new management page built on our Design System, strategically integrating it with the legacy SSO through secure redirects. This solution ensured visual and functional consistency across platforms while maintaining rigorous accessibility and security standards.
Key enhancements included:
• Redesigned SSO login and registration screens for improved clarity and usability
• A new “Authentication Settings” page empowering users to manage MFA, passwords, and passkeys
• Streamlined flows tailored to both new and returning users
Key learnings
- Cross-team alignment is critical when communicating authentication changes.
- Early UX involvement helps balance security requirements with user trust.
- Messaging must be targeted, not broadcast: authentication is personal.
- Technical constraints can inspire creative, scalable design decisions.
- Designing for security means designing for trust, not just compliance.
- Clear recovery paths reduce user anxiety and support workload.
- Workshops build shared understanding faster than documents ever could.
- A service mindset helps connect isolated login steps into a cohesive journey.