Building a better, more secure way to protect your online identity.
Of the 3.2 billion internet users around the globe, only about 3% use 2-step verification. Centralized credential storage makes it easy for hackers to gain access to massive amounts of sensitive information. While every user cares greatly about protecting their privacy, such a small percentage actually take the extra step to protect their online identities.
Make 2-step verification more secure and more approachable by using a simple hand gesture to verify account logins.
This is a feature that shipped while I was working as the Director of Product Design at Motiv. We had a director of engineering along with 4 engineering IC’s, 3 on iOS and 1 on Android. Between the 4 of them, they worked on the bluetooth layer to ensure seamless communication between the ring an a second device.
There was also one project manager, two QA engineers, and myself. Additionally, there was investor interest and encouragement from the board of directors of Motiv, along with our CEO, who encouraged this feature’s launch due to the potential for strategic partnerships it would open up.
Research & Competitive Analysis
To understand market appetite and what sort of conversations were being had among an existing population who were already using various forms of multi-factor authentication, we turned to the App Store and the Play Store. Exiting authenticator apps such as Google Authenticator and Auth gave us clues into what problems still needed to be solved in the authentication space. We combed through pages and pages of 4 and 5 star reviews, as well as 1 and 2 star reviews, to try to understand what was working and what was not. Then, we were able to craft a list of hypothetical features relating to security and turn it into a survey that we shipped to our existing user base to gauge adoption.
The existing authentication process is complicated and time-sensitive. The most common methods are SMS or app-based authentication, whereby a user is sent a 6-digit code that expires and resets every 30 seconds. After a user successfully enters their username and password, they are prompted with a field in which to enter their 6-digit codes.
Simplifying the process with a gesture
With the Motiv Ring, TOTP codes are stored on the ring itself, and transmitted to a computer via bluetooth with a simple and gesture. There is no fumbling with a phone, no transcribing numbers incorrectly, just a simple gesture every time. When a user takes their ring off their finger and no heartbeat is detected, the ring enters a “not authenticated” state and this gesture is disabled, making the Motiv Ring the most secure method of multi-factor verification available.
Managing multiple accounts—Though codes can exist on the ring and triggered with a gesture, they still need to be managed in an app.
Through surveys and research we learned that a large percentage of users only use multi-factor authentication because it is mandated by their employer, or if they only care about protecting one account. For a smaller percentage of users who use multi-factor logins several times per day, and for several different accounts, we designed the ability to switch “active codes” on the ring.
Via QR code, users are able to scan a QR code with their Motiv app and then manually sync their ring to store a TOTP an “active” TOTP code. They’re able to build a list of all accounts, and activate codes for specific accounts as needed.
App gated by biometric verification
An off-finger event disables this security feature on the ring. The re-authentication process would require a user to enter back into their Motiv app and perform a manual sync to re-authenticate it. Leveraging a user’s smart phone in our re-authentication journey allows us to gate the Motiv Ring with biometric ID, making it the most secure form of possession-based authentication on the market.
Building a Design system
Designs are executed according to atomic design principles, whereby each component built is comprised of smaller elements, all specified in Zeplin. Engineering team members are able to look at Zeplin.