Cisco Duo

Proximity Authentication: an accessible two-factor
authentication (2FA) for users with vision impairment
  • TYPE
    End-to-end product design
  • PARTNER
    Cisco
  • DURATION
    Sep 2022 - Dec 2022
  • CONTRIBUTION
    Lead
    Project direction & strategy, research, synthesis, ideation, weekly sync & follow-up, contextual inquiry, usability testing, expert evaluation, handoff, impact metrics

    Independent
    Problem statement, stakeholder map, interview guideline/interview questions/survey design, competitive analysis, data & insights synthesis, user flow, task analysis, onboarding flow, product ideation, tech implementation ideation

    Collaborative
    Reach out, interviews, research synthesis, persona, user journey, brainstorming, prototyping & iteration, testing & evaluation, feedback synthesis, slides prep
  • TEAM
    1 collaborating UX designer, 1 PM, 1 accessibility manager, 1 senior accessibility engineer, 1 principle engineer, 1 senior director @ Cisco Invention Lab
  • OUTCOME
    Client pitching & Demo day 2nd place
    Recognition on Cisco Blogs
    Research paper submitted to ACM CHI 2023

Overview

Context
During the partnership between Cisco Duo Security and Equitable Design Lab in UC Berkeley Hass Business School, we were given the challenge to dive deep into how we can make cybersecurity more accessible and inclusive, and find possible ways to better detect, prevent, alert, or resolve cybersecurity attacks on end users with disabilities based on the Duo Security product.

Result
We designed Proximity Authentication for Duo Security, an accessible 2FA method for users with vision impairment. It speeds up the user experience flow, increases their cybersecurity safety level, and reduces their VoiceOver usage with digital devices.

Impact
Each authentication through proximity can save users with vision impairment 27 seconds, 9 swiping gestures, and 1 double-tapping gestures on VoiceOver (with 40% readout speed).

Faster.
Safer.
Less overwhelming.

Design for one.
Beneficial for all.

Research

Started off with secondary research, I identified our key stakeholders, looked into the current situation and challenges people with disabilities are facing, evaluated existing assistive technologies, analyzed major competitive products in cybersecurity, and researched major cybersecurity concerns of people with disabilities. This process helped me design structured interview questions and  move on to primary research, where we conducted 11 in-depth interviews with major stakeholders and engaged with their community.
Background Research
According to the fact sheet published by the World Health Organization (WHO) in 2022, there are at least 2.2 billion people who have a near or distance vision impairment globally. As of 2020, the number of people with blindness worldwide is 43.28 million. As blind people rely heavily on screen readers and text-to-speech technology when navigating digital devices such as mobile phones and laptops, their world is full of different sounds. Statistics shows that the number of Internet of Things (IoT) connected devices worldwide is forecasted to reach 29.4 billion by 2030. If it is proven to be true, blind people will be brought into an increasingly overwhelming world full of sounds.
User Research
I developed our interview guideline by referencing Qualitative Research Methods: A Data Collector’s Field Guide and Guidelines for Interviewing People with Disability by AAIDD. I defined three major criteria of our interview participants, including people with disabilities, experts in cybersecurity, and researchers working in accessibility and disability. I designed separate interview questions for each group of interviewees to better align with their background and expertise, aiming to learn about their daily routine, past experience in cybersecurity, experience with assistive technologies, experience in accessibility research, and critique in existing cybersecurity products.

Synthesis

We created an affinity map and an empathy map to highlight our early-stage findings from background research and interviews.
Affinity Map
Empathy Map

Stand in their shoes: testing VoiceOver myself

To better empathize with our end users and understand their frustrations, I tested out the entire Duo mobile experience of using VoiceOver on iPhone and macBook on my own and marked down the struggles I encountered. This process helped me prepare for leading an additional interview with one participant with vision impairment, targeting the current user experience. We observed her navigation process aided by VoiceOver and noted her pain points in detail. Insights that I synthesized are as follows.

Auditory
Overload

INSIGHT
Notifications in different sounds/vibrations across multiple devices is extremely stressful and overwhelming.

The potential risk of missing time-sensitive notifications is increased.

The unavoidable VoiceOver overlap hinders users from focusing on information from each device.

VoiceOver
Usability

INSIGHT
Performing repetitive hand gestures (swiping & double-tapping) with VoiceOver to respond to time-sensitive cybersecurity notifications is challenging and time-consuming.

Wearing headphones when using VoiceOver in public to avoid eavesdropping is uncomfortable.

Inaccessible
App Features

INSIGHT
Duo Mobile makes it required to switch between devices/applications to authenticate—complex and demanding.

2FA requests from geolocations different than that of the actual users cannot be automatically blocked.

Task Analysis & User Journey: where do people with vision impairment get stuck?

I integrated the characteristics, struggles, and desires of all interviewees into one persona. I created a task analysis of our persona where I analyzed the obstacles in each step of the user flow in detail, ensuring its consistency with research insights. I brainstormed design opportunities for each obstacle, proposed early-stage potential solutions, and marked them down on the task analysis graph.

We integrate the persona and task analysis into a complete user journey. We mapped the user experience into 5 stages and visualized the emotions of each action. I designed possible hacker behaviors and potential design opportunities throughout the journey.
Task Analysis
OPPORTUNITY

How might we alert cyber attacks to people with vision impairment in a way that is faster, safer, yet less overwhelming?

Brainstorm & Ideate

I identified three goals to improve equity and accessibility of Duo users with vision impairment:

a) improvement in safety level;
b) alleviation in the pain of using VoiceOver with headphone on different devices & applications;
c) simplification in the app-based 2FA experience.


I defined two design concepts, identified goals, and sketched them out to move forward: calm mode feature and smart wearable design. We collaborated on prototyping these potential solutions.

Prototype 1: Calm Mode

Pain point: Auditory Overload

Concept: Calm Technology

Features:
To avoid the overwhelmingness of notifications by
1) prioritizing cyber attack alerts;
2) temporarily delaying other notifications, offering a longer time for users to take actions.

Prototype 2: Safelet

Pain point: Voiceover & Accessibility

Concept: Smart Wearable

Features:
1) enabling Duo’s functionality on a physical watch strap;
2) offering geolocation auto checking + biometric authentication;
3) offering haptic, non-audio notification feedback (eg. pressure).

Prototype & Design

We shared the two prototypes with Cisco, synthesized feedback, and agreed on refining my Proximity Authentication idea (see gif below). This design simplifies the 2FA user experience into one single action after login IDs and passwords are inputted: bringing the authentication device close to the login device.

Users would need to pair two of their devices together during product onboarding to enable this method (Proximity Authentication is recommended and Biometric Authentication is offered as an alternative when users set up their accounts). Once the two devices are close enough, proximity checking will happen automatically in the backend. When checking is completed, users will be able to login successfully.

Instead of requiring users to navigate between different tabs, applications, and devices, this design automatically identifies whether users are receiving a safe login attempt and approves it if secure. Users with vision impairment are informed of proximity checking and safety checking status by VoiceOver on their mobile devices, with no need for any hand gesture performance.

Alternative Pairing Options
In addition to laptop-phone pairing, Proximity authentication is a universal solution that also supports phone-smart watch pairing and laptop-smart watch pairing.

Potential Technology Implementation

Given my interdisciplinary background in design and technology, I also dived into potential technologies that our partner Cisco can bring our design solution to life in the future. Regardless of the choice of backend network architecture, user experience in the front end remains the same.
New User Flow
Onboarding Flow
Before
After

Test & Evaluate

Usability Testing
I developed a testing guideline and led a remote session with participants with varying vision abilities (including those who are visually impaired and those with average eyesight).
Stakeholder Evaluation
We also reached out back to our stakeholders to evaluate the solution and received very positive feedback. This design solution is innovative, fast, convenient, and safe. It not only offers a smoother experience for the visually impaired, but also benefits general users at large.

Reflect

It's been quite a journey—challenging, messy, but fruitful!

1) Design is never linear. I feel more confident about embracing uncertainty and overcoming challenges. Be bold and keep moving forward, yet remember to always revisit the process—it helps consolidate the idea!

2) Empathy only counts when put into action. Ways to understand users are never limited to interviews, field visits, and contextual inquiry—putting myself in their shoes and experiencing VoiceOver on my own, I truly empathize with out target users with vision impairment. It helps me create inclusive and accessible designs.

3) Cross-functional collaboration is treasure. Leading the close collaboration with different stakeholders from Cisco and keeping the discussion going has helped me conceptualize and logicize our design idea way faster.
BACK TO HOME