Situation

Identity thieves are starting to target accounting firms, as security measures to protect individuals have become stronger.  In the Fall 2016, Thomson Reuters decided to increase the security around their software for professional tax preparers and accountants to not only proactively meet new U.S. government security standards, but exceed them.

Action

Working on a short timeline with a hard deadline, I led the design for the incorporation of new IRS security requirements and the user research for how to explain and present our changes to users. My research not only tested our prototypes, but it also led to direct insights about obstacles for our users would encounter, how much additional security they would tolerate, and how to introduce these new security measures to customers.

I designed:

• One security login process that would work for existing desktop software and web apps,
• A mobile application (iOS and Android) to give users the ability to login with multi-factor authentication (including application logo)
• Customer emails and communications: to announce the new security requirements; educate customers about multi-factor authentication; and
• The registration and security administrative pages, which firms would need to create new accounts for their employees.

Usability Testing

This project did not have time for upfront research to be conducted, we were however able to test the setup process and login process with users.  Furthermore, we conducted two different user tests.  One test focused the administrative experience, while the other focused on the staff experience.  Using I prototype I made in Axure, we tested our designs on 14 different users from 4 different firms. As a result of this testing, we were able to change the prototype before this products went into development.

Results

This project launched with no major design issues and today is used by more than 150,000 customers (37,000 firms)—and potentially more, as other Thomson Reuters applications teams begin to adopt our multi-factor authentication. It’s so simple a 7-year-old kid can set it up.

Here’s what some users had to say:

It is now a key component of our products and a part of our 2017 annual report.

Below are some screenshots from the design process. Many of these are not the final design.  They were edited or changed because user testing, new technical requirements, technical limitations, or to meet the deadline.