Copyright © 2025 Bryan Nguyen. All rights reserved.

Results

Within two months, I designed and launched multi-factor authentication for Moloco’s commerce media campaign manager. The rollout aligned with customer needs for stronger security and compliance. Following launch, we successfully onboarded three large clients, who gained confidence in the platform’s ability to protect their data.

Lessons Learned

Understand platform capabilities—not just design:

  • With limited data available, it’s critical to proactively uncover past pain points and edge cases related to MFA.

  • Many considerations only surfaced after designs were finalized and validation flows entered QA. These included existing edge cases, constraints within UI components, and necessary adjustments to make the experience functional.

  • Accounting for existing error states—such as session timeouts or users leaving during MFA setup—is essential. Close, early, and continuous collaboration with Engineering is key to addressing these scenarios effectively.

Mapped out end to end flow

As open questions began to surface, I mapped out the end-to-end MFA flow to connect all touchpoints and ensure a cohesive experience. Once the flow was established and aligned across stakeholders, I created detailed design annotations to support a smooth handoff to Engineering for implementation.

Moloco

2025

MFA Security

MFA Security

As Moloco’s customer base grew, the platform became an increasingly attractive target for bad actors. Multi-factor authentication helps protect advertisers by adding security safeguards beyond a basic password.

Problem

Several of our prospective customer accounts were previously compromised, exposing campaign budgets and sensitive performance data to unauthorized access. The campaign managers they had been using lacked multi-factor authentication, leaving them vulnerable.

Role

Senior Product designer

Responsibility

UX/UI

End to End Design

TOTP UX

Prototyping


Copyright © 2025 Bryan Nguyen. All rights reserved.

Research phase

I explored existing MFA TOTP UX flows across desktop applications to understand how other platforms onboard users into MFA before granting access to the campaign manager. After extensive research, I used GitHub’s MFA flow as a reference, as its UI closely aligned with Moloco’s and its UX met the PRD requirements. This process also helped me identify key gaps, which I flagged to my PM, such as the need for an MFA reset flow when both the password and authentication code are lost and to Engineering, including defining error validation criteria like timing out access after repeated incorrect MFA attempts.

Default

Error

Lock out

Mapped out end to end flow

As open questions began to surface, I mapped out the end-to-end MFA flow to connect all touchpoints and ensure a cohesive experience. Once the flow was established and aligned across stakeholders, I created detailed design annotations to support a smooth handoff to Engineering for implementation.

Conduct QA on Implementation

With designs finalized, the next step is QA, a critical phase to validate that both the design and UX hold up through engineering implementation. The team works through a checklist of expected behaviors and validation logic, reviewing the end-to-end experience to surface any breaks or inconsistencies before release.

Conduct QA on Implementation

With designs finalized, the next step is QA, a critical phase to validate that both the design and UX hold up through engineering implementation. The team works through a checklist of expected behaviors and validation logic, reviewing the end-to-end experience to surface any breaks or inconsistencies before release.

Mapped out end to end flow

As open questions began to surface, I mapped out the end-to-end MFA flow to connect all touchpoints and ensure a cohesive experience. Once the flow was established and aligned across stakeholders, I created detailed design annotations to support a smooth handoff to Engineering for implementation.