Skip navigation
Product & Engineering

Designing an Easy, Fast, and UX-Accessible Universal Prompt: Q&A with Sierre Wolfkostin

Sierre Wolfkostin, Design Lead of the Universal Prompt, is energized by big challenges. With a learning mindset and focus on understanding people, she has helped make Duo’s new MFA experience easier and faster for all people – not just some. Sierre spoke about the importance of UX accessibility, Duo’s healthy work culture, and how design plays a role in the evolving journey of democratizing security.

Joining the team

Question: How did you first learn about Duo?

Sierre Wolfkostin: I had known about Duo since my years at the University of Michigan. My professor, Mark Thompson-Kolar, worked at Duo and would walk into class carrying slides full of examples of design decisions and why they were made. I remember our analysis of the Duo mobile app.  There was so much to learn from that app’s design, from a human thumbs' reach to the power of muscle memory and color psychology.

Years later, I was drawn to Duo for the same reason I was drawn to Mark's class. There's a deep focus on learning here. Everyone that I've met –  whether it’s designers, engineers, writers, product managers – everyone has an appreciation for gathering knowledge and sharing what they've learned with others.

Did you always want to be in design?

I had always been fascinated with a variety of disciplines: art, behavioral science, psychology, technology. What I love about design is that it brings all those disciplines together to make a product feel simple and intuitive.

What are your goals in your work at Duo?

My main goal is to be an enabler of the Duo authentication experience. I enable my engineering team by providing user insights, research, designs and specs to help build a quality product. I enable fellow designers by providing input, feedback, coaching and mentoring – especially when it comes to storytelling and logically describing how you get from point A to point B.

How does storytelling fit into design?

Stories are how humans naturally make sense of the world. It's how we've always communicated, how we've remembered and shared and passed down information. So no matter the project, no matter the work that we're doing, I always seek to understand this larger overarching narrative that can help us make sense of what's going on.

Journey to the Universal Prompt

What’s the Duo Prompt, and what’s its story?

The Duo Prompt can be thought of as a smart door to your work applications. A normal door only takes a key and can be easily picked by a decent lock picker. A smart door, however, can accept a variety of more secure methods of access, like a special code or a signal from your phone, or even a fingerprint. Millions of people now rely on our digital smart door to stay safe online.

The Universal Prompt is the next evolution of the Duo Prompt. It’s a major technical and UX redesign that covers someone’s end-to-end authentication experience, from the moment you start using Duo for the first time to regularly verifying who you are when you login.

What were your goals for the Universal Prompt?

From the beginning we were rigorous about how we measure success. Liz Donovan and our amazing Design Research team led a series of workshops with everyone closest to the work from design, engineering, and product. From those, we came away with three main goals that we've kept to throughout the whole course of the project.

First, we want people to feel that Duo is easy. Second, we want people to feel that Duo is fast. And finally, we want people to spend less time overall authenticating with Duo.

From the beginning, too, we installed instruments like logging, online surveys, and A/B tests to ensure that we were continuing to progress towards those goals.

What challenged you while working to accomplish those goals?

There are a lot of interesting challenges when it comes to designing security products used by humans. You've got to constantly consider both security - staying free from danger and threat - and also ease of use. We have to ask ourselves questions like: how might we be burdensome, but only for bad actors and not for normal people just trying to get their work done?

When someone uses the Duo Prompt, for example, it's not like they hold up a flag and say, “Hey, I'm a bad actor,” or, “Hey, I'm just trying to access my work.” That's something we have to deduce along the way, which is why we have this very robust system of security checks, like checking the health of your device, the health of your browser, checking where you logged in last, all of these different data points are considered.

Were you surprised by what users needed?

From the 20 plus user interviews we conducted over the course of our early beta, one of the things that still stays with me is how little users consider the Duo Prompt within the larger context of their work. Typically we’re a small step within their overall journey to, say, respond to an email, or visit a collaboration space. That points to the need for even more simplicity when possible because our product is not a destination product.

We do not need or want people to spend a lot of time with us; rather, we want to make sure you’re safe and then get out of your way.

What Universal Prompt features are you most proud of?

I'm really proud of the Universal Prompt’s simplicity and its ability to filter out so much complexity that's going on behind the scenes. For example, whenever you go to log in, we as a security company are assessing a dozen different points. We're assessing the health of your device, any special rules set by your admin, what methods you have available to log in, et cetera. There's a hundred things that we could tell you, but if we did, we'd just be cluttering your mind with a lot of information that's not relevant to what you're trying to do. So we've been intentional from the start about hiding a lot of that complexity and only showing you the most important information.

If you truly want to democratize security and make it something that everyone can do, then you do have to be secure, but also very simple, very easy to use.

Putting the “universal” in Universal Prompt: The process of accessible UX

How have you made Universal Prompt accessible for all? How did you incorporate UI accessibility in the process?

A lot of rigor went into putting the universal in Universal Prompt. We want to make sure it's simple for not just many, but for all people.

From the beginning, we did a lot to ensure our experience was fully accessible. Kaush Ganesh and our amazing Design Research team, for example, are intentional about getting feedback directly from people with disabilities. So whether it's someone that has a visual impairment or is hard of hearing or has a different medical or mobility disability, being able to talk directly with that person and observe as they use our product has been invaluable. We’ve been fortunate to have engineering and product partners that are very accessibility-focused as well. They've been eager to prioritize any changes that arise as a result of those sessions.

We've also created our design system in a way that is extremely simple, which has enormous benefits for accessibility. For example, the Universal Prompt has one type of back button. There's one main call-to-action button. By keeping our design system as lean and simple as it could be, we've had more time and energy to make sure those individual components are accessible from the ground up. Our in-house accessibility expert Colin Fulton, for example, had had time to review each component and be highly involved in our design process.

By keeping our Universal Prompt design simple and partnering with accessibility experts from the start, we are able to land on a more inclusive experience. One of our requirements for becoming generally available was that we were free of critical accessibility issues. There was massive collaboration between our research, design, and engineering teams to make that happen.

At Duo, we follow these values: being kinder than necessary, learning together, engineering the business, and building for the future. How did they impact your work?

They were everywhere. Engineering the business is spoken for. Being kinder than necessary shows up in so many areas of our work. Everything from proactively communicating this project to making sure we were seeking input and feedback early and often.

The whole purpose of the project is to be kinder than necessary to all the people using Duo. We want you to be secure, but we also want your logins to be simple and easy.

Learning together was the constant throughout every stage of this project. From early on, we learned how important it was to maximize inputs and go out of your way to seek advice, feedback, and data. That’s the best way to get a well-rounded perspective on your work. Also, we learned the importance of assigning clear ownership early on, making sure it's crystal clear who's responsible for what and how different pieces in sequence contribute to the greater project. All credit to Duo's culture which places learning together at its forefront. This isn't just unique to our project. It's something I've observed with all projects at Duo.

 

What makes Duo unique?

Hands down the healthy, resilient work culture. Here's how I picture it. The road to achieving a big mission like democratizing security is never perfectly smooth. In fact, it can be super bumpy at times. It's got all these weird twists and turns. But a great work culture is like having a really awesome all-terrain vehicle that you can drive with your teammates. It helps protect everyone as you take this hectic journey together.

From the start, Duo's always had a healthy, resilient work culture. We're a psychologically safe place to work. The people here allow for all the slips, mistakes, and failures that are necessary for innovation and growth. People at all levels of the company normalize failure, ask for help, share vulnerability, and give candid, loving feedback. All of these things make Duo a safe place and a great place to do your best work.

The journey continues

What’s next for Universal Prompt?

When you complete a redesign, it can be tempting to say, oh, it's done. It's over now. But the journey never really stops. It's kind of like remodeling a house. Now that we've refortified the foundation we're ready to start building upon that and enabling a lot of great new things on top of it. We're now looking to help enable some of Duo’s largest initiatives yet like going Passwordless and creating a more adaptive risk-based authentication experience. In terms of modernizing security, this is only the beginning.

 

What energizes you about your work at Duo?

One is the scale of the challenge ahead of us. It's going to continue to be more difficult to stay safe online. Bad actors are becoming more sophisticated and the stakes could not be higher. This presents us with a really big challenge when it comes to making our products secure, but also keeping them very simple. That excites me because I love big challenges. Second is being surrounded by a kind, supportive community. People at Duo are so genuinely caring. The energy here is positive and contagious.