Securing the Sign-up Flow for SSO Accounts

A critical compliance gap in the sign-up flow allowed users registering through Google, Apple, or Facebook to bypass mobile verification. To address this, the flow was redesigned to capture mobile numbers across all SSO entry points. The updated experience balanced platform constraints with a low-friction onboarding process, resulting in higher verification rates and a more secure sign-up journey.

Identifying the Gap in SSO Sign-Up

As mobile number verification became mandatory across all Cashrewards accounts, it became clear that users signing up through SSO were skipping verification entirely. These users bypassed the ‘Complete Your Profile’ page and were able to start shopping immediately, creating a significant security and compliance risk.

To close this gap, I audited the sign-up and sign-in journeys and worked closely with engineers to understand the specific capabilities and limitations of each SSO platform. This clarified what each provider supported: Google allowed auto-retrieval of the user's mobile number, while Apple and Facebook did not. Those differences directly informed where and how I could place mobile capture moments in each flow without disrupting the user experience. A number pre-filled from a provider only saves the user typing; it is treated as a hint and still goes through the same verification step as a manually entered one, so that verification is enforced uniformly regardless of the entry point.

Designing a Seamless and Scalable Solution

The key design challenge was balancing necessary friction for verification with a low-effort onboarding experience. I stepped back to evaluate the full onboarding journey and engaged with Marketing & Member Services teams to assess which data points were essential, which were redundant, and how changes might affect downstream processes.

Key edge cases were also mapped out, including incomplete profiles, pre-filled vs. manual fields, error states and inconsistent data patterns to ensure a seamless and unified flow. The result was a modular, flexible sign-up flow that adapted to a user’s entry point while standardising mobile verification across all sign-up methods. 
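The following is an added illustration of the pattern described above, written for this page; it is not Cashrewards' code and does not reflect their implementation. It assumes an in-memory account record, a pluggable SMS sender (here a fake one that records the codes it would send), and Australian mobile numbers normalised to E.164. The security-relevant point it demonstrates is that the gate lives in a single server-side decision (`next_step`) that every entry point, password or SSO, passes through, so the UI cannot skip it; a provider-supplied number (the Google auto-retrieval case) only pre-fills the candidate and still has to be confirmed by a one-time code. It also covers the edge cases listed in the text: an incomplete profile with no number at all, pre-filled vs. manual input, inconsistent number formats, and error states (wrong code, expired code, too many attempts).

```python
"""Provider-agnostic mobile verification gate (added example, not the case study's code).

Assumptions (not from the original page): accounts live in memory, OTPs go through a
pluggable `send_sms` callable, and mobiles are Australian numbers normalised to E.164.
"""
import hashlib
import hmac
import re
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Every sign-up / sign-in entry point the flow must treat the same way.
PROVIDERS = {"password", "google", "apple", "facebook"}


@dataclass
class Account:
    email: str
    provider: str                      # which entry point created the account
    mobile: Optional[str] = None       # E.164 number, set only once verified
    mobile_verified: bool = False
    pending: dict = field(default_factory=dict)  # candidate number + hashed OTP + expiry


def normalise_au_mobile(raw: str) -> str:
    """Canonicalise inconsistent input ("0412 345 678", "+61 412-345-678", "61412345678")
    to E.164. Raises ValueError for anything that is not an AU mobile (04xx xxx xxx)."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("61"):
        digits = "0" + digits[2:]
    if not re.fullmatch(r"04\d{8}", digits):
        raise ValueError(f"not an Australian mobile: {raw!r}")
    return "+61" + digits[1:]


def _hash_code(code: str, salt: str) -> str:
    # Store only a salted hash of the OTP so a leaked record cannot be replayed.
    return hashlib.sha256((salt + code).encode()).hexdigest()


class VerificationFlow:
    OTP_TTL = 300        # seconds an OTP stays valid
    MAX_ATTEMPTS = 5     # wrong guesses allowed before the pending code is discarded

    def __init__(self, send_sms: Callable[[str, str], None], clock: Callable[[], float] = time.time):
        self.send_sms = send_sms   # hypothetical gateway hook: send_sms(e164_number, code)
        self.clock = clock         # injectable for testing expiry

    def next_step(self, acct: Account) -> str:
        """Server-side gate every entry point hits; the client cannot route around it."""
        if acct.provider not in PROVIDERS:
            raise ValueError(f"unknown provider {acct.provider!r}")
        return "shop" if acct.mobile_verified else "verify_mobile"

    def start(self, acct: Account, candidate: Optional[str], provider_hint: Optional[str] = None) -> str:
        """Begin verification. A provider-supplied hint only pre-fills the field;
        the number is still verified exactly like a manually typed one."""
        raw = candidate or provider_hint
        if not raw:
            return "need_mobile"   # incomplete profile: no number from user or provider
        e164 = normalise_au_mobile(raw)
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_hex(8)
        acct.pending = {
            "mobile": e164,
            "salt": salt,
            "hash": _hash_code(code, salt),
            "expires": self.clock() + self.OTP_TTL,
            "attempts": 0,
            "prefilled": candidate is None,  # recorded so UX copy can differ; security does not
        }
        self.send_sms(e164, code)
        return "code_sent"

    def confirm(self, acct: Account, code: str) -> str:
        """Check a submitted OTP and return an error state or 'verified'."""
        p = acct.pending
        if not p:
            return "no_pending"
        if self.clock() > p["expires"]:
            acct.pending = {}
            return "expired"
        p["attempts"] += 1
        if p["attempts"] > self.MAX_ATTEMPTS:
            acct.pending = {}
            return "locked"
        if not hmac.compare_digest(p["hash"], _hash_code(code, p["salt"])):
            return "wrong_code"
        acct.mobile = p["mobile"]
        acct.mobile_verified = True
        acct.pending = {}
        return "verified"
```

The flow object is the same for all providers; only the `provider_hint` argument differs, which is what keeps the design modular while the verification requirement itself is standardised. In a real deployment `send_sms` would be an SMS gateway and `pending` would live in a store with the same TTL, but the decision logic is unchanged.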

This implementation led to a 94.6% mobile verification rate among SSO sign-ups, strengthening account security and aligning with legal requirements.

Impact

📱 94.6% mobile verification rate achieved across SSO sign-ups

🚨 Closed a high-risk compliance loophole across multiple platforms

🧩 Built a scalable and provider-aware mobile capture pattern

📉 Reduced drop-off by aligning design with technical and behavioural realities
