Why You Have Security Issues in Your Design
A few common themes
12/8/2024 · 1 min read
The common theme: the login.
Sometimes companies try to make things too easy. I’ve seen issues like a single password field when the user is creating a new password, with no second field to confirm it. This traps the user in a loop of resetting their password, getting frustrated, and resetting it again.
It also weakens their security: if I were to reset the password, they wouldn’t be able to tell the difference.
A second theme: insufficient verification when a user changes a login email or phone number. That means if someone changed your number, you wouldn’t know about it.
Third, inadequate handling of these kinds of high-risk incidents. Most companies have a nameless, faceless customer service system that ignores the fact that many accounts have already been compromised by the time you reach customer support. Additionally, I have even seen it designed so that you need to log in to reach customer support, meaning that if you can’t log in because your account is compromised, there is nothing you can do.
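The three themes above map onto a small account-settings flow. The example below is added for this page and is not code from any product it describes; the `Account`, `Outbox`, token lifetimes and message formats are all assumptions. It requires a confirmation field when setting a password, applies an email change only after the new address proves it can receive a token, and then notifies the old address with a revert link that works without logging in, so the rightful owner still has a path back even when the account is already in someone else’s hands.

```python
# Added example: account contact-change flow covering the three themes above
# (password confirmation, verified email change with notice to the old address,
# and a recovery path that does not require logging in). Hypothetical code
# written for this page; names and token lifetimes are assumptions.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60          # confirmation links expire quickly
REVERT_TTL_SECONDS = 7 * 24 * 3600   # the old address can undo for a week


class Outbox:
    """Stand-in for an email/SMS sender; records what would have been sent."""
    def __init__(self):
        self.sent = []  # list of (recipient, message)

    def send(self, to, message):
        self.sent.append((to, message))


@dataclass
class Account:
    email: str
    password_hash: bytes = b""
    salt: bytes = b""
    pending_email: Optional[str] = None
    pending_token: Optional[str] = None
    pending_expires: float = 0.0
    previous_email: Optional[str] = None
    revert_token: Optional[str] = None
    revert_expires: float = 0.0


def hash_password(password, salt):
    # PBKDF2 with a per-account salt; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def set_password(acct, new_password, confirm_password):
    """Theme one: a second field catches typos before they lock the user out."""
    if new_password != confirm_password:
        raise ValueError("passwords do not match")
    acct.salt = secrets.token_bytes(16)
    acct.password_hash = hash_password(new_password, acct.salt)


def verify_password(acct, password):
    return hmac.compare_digest(acct.password_hash, hash_password(password, acct.salt))


def request_email_change(acct, new_email, outbox, now=None):
    """Theme two: the NEW address must prove it exists before anything changes."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.pending_email = new_email
    acct.pending_token = token
    acct.pending_expires = now + TOKEN_TTL_SECONDS
    outbox.send(new_email, f"confirm-change:{token}")
    return token


def confirm_email_change(acct, token, outbox, now=None):
    """Apply the change only with a valid, unexpired token, then tell the OLD
    address and hand it a revert link that works without logging in."""
    now = time.time() if now is None else now
    if acct.pending_token is None or now > acct.pending_expires:
        return False
    if not hmac.compare_digest(acct.pending_token, token):
        return False
    old_email = acct.email
    acct.previous_email = old_email
    acct.revert_token = secrets.token_urlsafe(32)
    acct.revert_expires = now + REVERT_TTL_SECONDS
    acct.email = acct.pending_email
    acct.pending_email = acct.pending_token = None
    acct.pending_expires = 0.0
    # Theme three: the notice goes to the address being replaced, so the
    # rightful owner learns of the change even if they can no longer log in.
    outbox.send(old_email, f"email-changed:{acct.revert_token}")
    return True


def revert_email_change(acct, token, now=None):
    """Undo a change via the old address's revert link; no login needed."""
    now = time.time() if now is None else now
    if acct.revert_token is None or now > acct.revert_expires:
        return False
    if not hmac.compare_digest(acct.revert_token, token):
        return False
    acct.email = acct.previous_email
    acct.previous_email = acct.revert_token = None
    acct.revert_expires = 0.0
    return True
```

In a real deployment the revert path would also invalidate existing sessions and force a password reset, since a successful revert is itself evidence the account was taken over; the point of the example is the ordering: verify the new contact first, notify the old one second, and never make the recovery path depend on a login the victim may no longer have.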