Transforming Google Account Security for billions of users

Client
Google LLC

Year
2020-2024

As the Lead UX Designer for Authentication at Google, I spearheaded a multi-year overhaul of the enrollment experience for two of Google’s most critical security programs: 2-Step Verification and the Advanced Protection Program. These initiatives, safeguarding billions of users globally, required a thoughtful balance between rigorous security measures and ease of use.

From initial strategy development to final implementation, I led cross-functional teams in creating a scalable system designed to simplify complex processes while maintaining the highest security standards. By reducing barriers to entry, I ensured that these programs could evolve with Google's growing user base, aligning with both security and usability goals.

This work not only increased adoption but also established key design principles that continue to shape the evolution of Google’s security products.

In my role as lead for 2SV, I identified and tackled critical challenges surrounding Google’s reliance on SMS-based authentication.

A key goal for the project was to create a path toward sunsetting SMS dependency, as it is one of the least secure and reliable authentication methods globally.

Due to technical constraints, the existing onboarding system couldn’t be refactored—it had to be adapted to Google’s modern design and engineering systems.

With these goals and constraints in mind, I led the effort to redesign the entire 2SV enrollment flow, ensuring it was both secure and intuitive for users.

Bringing security to millions more users

For 2SV, we reduced SMS dependency by introducing more secure alternatives like Google Authenticator and passkeys into our enrollment and security policy—all while ensuring the design was future-proof and adaptable to evolving user needs.

For APP, we ensured it remained accessible to those who needed it most - while modernizing and simplifying the enrollment journeys.

Scaling 2-Step Verification

I focused on removing barriers to make the best of Google authentication accessible to more users.

By changing 2SV policy to reduce reliance on SMS for 2SV enrollment, we expanded access to users who either couldn’t use SMS due to regional or technological limitations or preferred not to for privacy and security reasons.

For the Advanced Protection Program (APP), we changed enrollments to encompass passkeys, security keys, and other enrollment options.

This shift made APP more accessible to high-risk users who needed robust protection but faced enrollment hurdles.

It improved inclusivity and scalability while maintaining best-in-class security.

Secure by Default

To enhance account security, I spearheaded the design of an auto-enrollment system for 2SV—defining a clear vision for notifying users while allowing them to opt out. The system leveraged existing Google tools—such as notifications and email—while establishing viable cohorts through existing metrics channels. This made the program functionally lean, fast, and reliable. We also took meaningful steps to ensure the success of automatically enrolled accounts by verifying they were properly configured and met established success criteria.

To proactively address potential user concerns and needs, I conducted extensive user research to identify friction points and mitigate them early in the process. This research informed both the design of the notifications and the overall user journey, ensuring users understood the reasons behind the changes and felt confident in the process.

As a result, the program to automatically enroll good candidates for 2-Step Verification tripled the number of Google Accounts enrolled in 2SV - all while improving sign in success rates.

By collaborating with cross-functional teams, including Product Management, Engineering, UX Research, and Legal, I was able to foster alignment on UX strategy and ensure a rock solid, airtight set of UX first strategies to transform Google’s Authentication systems.

Through A/B testing and qualitative research, we validated design decisions that led to a 54% decrease in SMS usage and a 59% increase in Google Authenticator adoption.

These improvements enhanced security, improved UX, and maintained sign-in success rates—all while contributing to multimillion-dollar cost reductions.

Get 2-Step Verification

• Get 2-Step Verification •

Get 2-Step Verification on your Google Account

Check it out

Check out Advanced Protection

• Check out Advanced Protection •

Advanced Protection is available today

(recommended only for vulnerable users like politicians, journalists, other at-risk people)

Check it out

Process

1 Align with organizational strategy while identifying opportunities for innovation by deeply understanding existing products, constraints, and future needs

2 Created a user-centric design strategy for 2SV focused on making security accessible to a broader user base.

For APP, aligned security requirements with usability goals, ensuring that the program could protect sensitive users without compromising ease of use

3 Worked closely with PMs, Engineering, UX Research, UX Writing, and Legal to ensure that both 2SV and APP design decisions were feasible and aligned with organizational goals - while building on and extending existing frameworks

4 Held regular syncs with cross-functional teams to ensure smooth communication and collaboration throughout the project lifecycle. Documented key decisions within UX briefs, trackers, and other tools to maintain a clear record of challenges, decisions, and project needs

5 Conducted A/B testing, dogfooding, qualitative research, and ongoing analysis to validate design decisions and improve the enrollment flows - leveraging real world use cases to drive product direction

6 Oversaw the implementation of the 2SV redesign, ensuring the removal of SMS dependency, while retaining availability for users who wanted it, and the seamless integration of more secure authentication methods

7 Supported the rollout of passkeys in APP, collaborating with cross-functional teams to ensure security standards were met while keeping the UX smooth and intuitive

8 Analyzed post-launch metrics for 2SV, including the 59% increase in Google Authenticator adoption and 54% reduction in SMS usage for 2SV enrollment, and 30% increase in total enrollments for APP

The takeaway

To enhance Google’s sign-in programs, I worked closely with PMs, Engineering, UX Research, and UX Writing, ensuring our solutions were rooted in user feedback, business priorities, and security requirements.

Regular updates to leadership and strategic alignment allowed us to remain agile, iterating on the product to continually improve UX.

By prioritizing user-centered design, fostering cross-functional collaboration, and balancing security with usability, we successfully transformed 2-Step Verification enrollment and expanded the reach of APP.

Transforming Google Account Security for billions of users

In my role as lead for 2SV, I identified and tackled critical challenges surrounding Google’s reliance on SMS-based authentication.

With these goals and constraints in mind, I led the effort to redesign the entire 2SV enrollment flow, ensuring it was both secure and intuitive for users.

Bringing security to millions more users

For 2SV, we reduced SMS dependency by introducing more secure alternatives like Google Authenticator and passkeys into our enrollment and security policy—all while ensuring the design was future-proof and adaptable to evolving user needs.

For APP, we ensured it remained accessible to those who needed it most - while modernizing and simplifying the enrollment journeys.

Scaling 2-Step Verification

I focused on removing barriers to make the best of Google authentication accessible to more users.

By changing 2SV policy to reduce reliance on SMS for 2SV enrollment, we expanded access to users who either couldn’t use SMS due to regional or technological limitations or preferred not to for privacy and security reasons.

For the Advanced Protection Program (APP), we changed enrollments to encompass passkeys, security keys, and other enrollment options.

This shift made APP more accessible to high-risk users who needed robust protection but faced enrollment hurdles.

It improved inclusivity and scalability while maintaining best-in-class security.

Secure by Default

By collaborating with cross-functional teams, including Product Management, Engineering, UX Research, and Legal, I was able to foster alignment on UX strategy and ensure a rock solid, airtight set of UX first strategies to transform Google’s Authentication systems.

Through A/B testing and qualitative research, we validated design decisions that led to a 54% decrease in SMS usage and a 59% increase in Google Authenticator adoption.

These improvements enhanced security, improved UX, and maintained sign-in success rates—all while contributing to multimillion-dollar cost reductions.

Get 2-Step Verification

•

Get 2-Step Verification • Get 2-Step Verification •

Get 2-Step Verification on your Google Account

Check out Advanced Protection

•

Check out Advanced Protection • Check out Advanced Protection •

Advanced Protection is available today

(recommended only for vulnerable users like politicians, journalists, other at-risk people)

Process

1

Align with organizational strategy while identifying opportunities for innovation by deeply understanding existing products, constraints, and future needs

2

Created a user-centric design strategy for 2SV focused on making security accessible to a broader user base.

For APP, aligned security requirements with usability goals, ensuring that the program could protect sensitive users without compromising ease of use

3

Worked closely with PMs, Engineering, UX Research, UX Writing, and Legal to ensure that both 2SV and APP design decisions were feasible and aligned with organizational goals - while building on and extending existing frameworks

4

Held regular syncs with cross-functional teams to ensure smooth communication and collaboration throughout the project lifecycle. Documented key decisions within UX briefs, trackers, and other tools to maintain a clear record of challenges, decisions, and project needs

5

Conducted A/B testing, dogfooding, qualitative research, and ongoing analysis to validate design decisions and improve the enrollment flows - leveraging real world use cases to drive product direction

6

Oversaw the implementation of the 2SV redesign, ensuring the removal of SMS dependency, while retaining availability for users who wanted it, and the seamless integration of more secure authentication methods

7

Supported the rollout of passkeys in APP, collaborating with cross-functional teams to ensure security standards were met while keeping the UX smooth and intuitive

8

Analyzed post-launch metrics for 2SV, including the 59% increase in Google Authenticator adoption and 54% reduction in SMS usage for 2SV enrollment, and 30% increase in total enrollments for APP

The takeaway

To enhance Google’s sign-in programs, I worked closely with PMs, Engineering, UX Research, and UX Writing, ensuring our solutions were rooted in user feedback, business priorities, and security requirements.

Regular updates to leadership and strategic alignment allowed us to remain agile, iterating on the product to continually improve UX.

By prioritizing user-centered design, fostering cross-functional collaboration, and balancing security with usability, we successfully transformed 2-Step Verification enrollment and expanded the reach of APP.

Google’s authentication products now seamlessly and sustainably scale to billions of users—powered by renewed policy, UX strategy, and system design.

Get 2-Step Verification •

Check out Advanced Protection •