2-factor login experience

2020

Contributions

Product strategy

User research

Product design

Team

1 product designer

1 product manager

1 tech lead

1 front-end engineer

Overview

PSD2, a regulatory framework introduced by the EU, requires financial services to ensure customers access transaction data securely, meeting security standards and reducing payment fraud. For Pleo, this meant rethinking how customers authenticated across web and mobile, moving away from passwords toward a more secure and seamless experience built around biometrics and passcodes.

Approach
Understanding

Collaborated with Pleo's design, legal and engineering teams to understand the constraints and requirements needed to explore viable solutions within the boundaries of the regulation and to design secure yet simple login experiences product-wide.

Designing

Explored and prototyped experiences that integrated the security features available through the technology, including SMS codes and biometrics like Face ID, balancing compliance requirements with an experience that felt natural to use.

Validating

Iterated on designs at various stages based on stakeholder feedback, moving back and forth between validation and exploration to refine the direction.

Documenting

Collected essential information and design documents in Notion, while crafting stories in Figma to showcase diverse experiences for both web and mobile apps throughout the process.

Comms

Teamed up with product management to design communications: emails and push notifications signalling the shift from passwords to biometrics and passcodes, making sure customers understood what was changing and why.

Quality assurance

Ensured the implementation aligned with design decisions by running test party sessions with the whole team to identify improvements and reach the desired level of quality before launch.

Launch & feedback

The launch went well overall, with positive feedback from users adapting to the new authentication flow. Some parts needed reworking, though: the "remember me" checkbox turned out to need its own dedicated step to avoid confusion, which led to further iteration post-launch.

Impact

Enabled Pleo to meet EU regulatory requirements introduced by PSD2, ensuring customers could access transaction data securely across web and mobile. By balancing compliance constraints with care for the user experience, the project delivered a smooth transition from passwords to biometrics and passcodes, reducing friction for users while strengthening payment security.

What happened next?

Over time, authentication and account security became part of the scope of the newly created Admin experience team, which took on the responsibility of evolving this area further.

© Made by Martín, 2026