Problem
Compromised Credentials, Unprotected Accounts
Following a security data theft incident, the bank faced a critical vulnerability: the authentication system relied solely on username and password combinations. Once credentials were compromised in the breach, attackers had direct access to customer accounts with no secondary verification layer to prevent unauthorized access.
Solution
Text Message Authenticator Implementation
I designed and implemented a three-phase SMS-based two-factor authentication system that balanced security with user experience. The solution mandated mobile number collection for all applications, presented users with authentication method options post-login, and built a comprehensive SMS verification flow with robust edge case handling, including international number validation, limits for incorrect passcodes, mandatory field enforcement, and a one-time password feature. The implementation successfully reduced unauthorized account access while maintaining high user adoption through clear communication.
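The edge cases listed above (mandatory mobile number, international number validation, a limit on incorrect passcodes, single-use codes) can be sketched server-side as follows. This is an added example, not the bank's or the author's implementation; the function and class names, the 6-digit code, the 3-attempt limit and the 5-minute lifetime are assumptions chosen for illustration.

```python
import hashlib, hmac, re, secrets, time

E164 = re.compile(r"\+[1-9]\d{6,14}")  # '+', no leading zero, at most 15 digits
MAX_ATTEMPTS = 3    # assumed limit; the page does not state one
TTL_SECONDS = 300   # assumed code lifetime

def normalize_msisdn(raw):
    """Enforce the mandatory field and international (E.164) format."""
    if not raw or not raw.strip():
        raise ValueError("mobile number is required")
    number = re.sub(r"[\s\-().]", "", raw)
    if not E164.fullmatch(number):
        raise ValueError("number must be in international format (+country code)")
    return number

class OtpChallenge:
    """One challenge per login attempt; all state is kept server-side."""
    def __init__(self, phone):
        self.phone = normalize_msisdn(phone)
        self._key = secrets.token_bytes(32)   # per-challenge MAC key
        self._digest = None                   # only a MAC of the code is stored
        self.failures = 0                     # persists across resends, so a
        self.used = False                     # resend does not buy more guesses
        self.expires_at = 0.0

    def _mac(self, code):
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._digest = self._mac(code)
        self.used = False
        self.expires_at = now + TTL_SECONDS
        return code  # hand to the SMS gateway only; never log it

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self._digest is None or self.used:
            return "rejected"                 # nothing issued, or replayed code
        if self.failures >= MAX_ATTEMPTS:
            return "locked"                   # checked before comparing
        if now > self.expires_at:
            return "expired"
        if hmac.compare_digest(self._mac(submitted.strip()), self._digest):
            self.used = True                  # one-time: burn on success
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_ATTEMPTS else "retry"
```

Resend requests and challenges per account still need their own rate limit, since each fresh login attempt starts a new challenge.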







