Ninety MFA Onboarding Experience

Problem Statement

Ninety's reliance on SMS-based MFA has led to security vulnerabilities, frequent availability issues, and inflated operational costs. We've experienced incidents where SMS delivery failed due to AWS partner outages and spam-driven usage spikes.

Our hypothesis:

We believe replacing SMS MFA with TOTP (Authenticator App) and email fallback will improve security posture, increase login reliability, and reduce support tickets.

We'll know we've succeeded if we can:

  • Gracefully unenroll existing MFA-enabled users from SMS

  • Subsequently empower these users to enroll successfully in TOTP

  • See no login-related incidents linked to MFA within 30 days of release

User Journey Mapping

My Role

As Lead Product Designer, I was responsible for:

  • Auditing the existing login and MFA experience

  • Mapping ideal-state user flows for TOTP and Email fallback

  • Designing responsive UI for enrollment, authentication, and fallback

  • Collaborating with engineering to ensure edge cases and error states were captured

  • Writing UX copy, including success/failure messages and error handling

The Solution
