Evolution of LaunchKey Mobile

Mar 3, 2016 By Armando


Authorizations view with Mobile v1 Authorizations view with Mobile v2

LaunchKey has always been keenly focused on security. This is especially true for our mobile applications. LaunchKey's mobile apps are the gateway to authenticating users and authorizing access to applications and services. After years of hardening our mobile applications, they were due for a UI refresh. This was the driving force behind launching LaunchKey Mobile v2 on Android and iOS platforms [1].

Since LaunchKey's inception, we've striven to make our solutions as feature-rich and intuitive as possible. LaunchKey Mobile has matured over the years to incorporate more authentication factors, support for OTP tokens, additional device linking methods, security policies, and others while maintaining our steadfast dedication to security and privacy.

In 2015, LaunchKey focused on making the mobile platform platform more extensible via our white label product offering. LaunchKey White Label allows mobile application developers to embed LaunchKey multi-factor authentication (MFA) technology within their own mobile application. The utilization of a simple mobile SDK allows mobile application developers to provide their existing users with the highest level of MFA without the need to become experts in security and cryptography.

The latest iteration, LaunchKey Mobile v2, is a huge step forward towards making MFA available to the masses. A modern and easily understandable interface is crucial to helping users abandon the familiar yet archaic model of protecting their personal and financial information with the use of centralized password. Application interfaces are key drivers to technology adoption. This proved true the LaunchKey mobile application as well.

The initial user interface had some key issues:

  • Confusing user experience
  • Outdated interface
  • Unresponsive user interaction

In order to tackle those issues with both the user interface (UI) and user experience (UX), we chose Material Design [2] as the design guideline. Material Design would be used in conjunction with design best practices for each platform to make the application feel natural and familiar to users of each platform while having a common user experience across each platform.

The Solution

Authorizations view Tokens view

We trimmed the feature-set to the core functionality of our LaunchKey authenticator. We built the UI from the ground up to make a clear path on it’s proper usage and to focus on what was important no matter where the user was within the application.

We simplified the access to the primary functions available and added a more centralized navigation menu. And most importantly, we offer the user access to several help resources within the app: Frequently Asked Questions, links to guides, a link to our support website, and an interactive tutorial.

Updating the User Interface

Navigation menu

We made use of available Material Design libraries to achieve the design that we wanted. On iOS, this meant completely changing the layout of how the views were stacked to add the very useful navigation menu. While challenging, this design added an extra layer of protection to the app because external users cannot bypass any views that are essential for authorization requests, such as a view requiring a user to enter a security factor (PIN Code, Circle Code, etc.)

With this design change, we made sure that the app still maintains visual actions that are native to iOS users.

Simplifying the User Experience

PIN setup view Circle Code setup view

An example of a feature we implemented in LaunchKey V1 that was very confusing to our users was the “Lock Launch Pad” function. When turned on, it would block all incoming authorization requests. The navigation bar would turn red to indicate that this functionality was enabled but because users would not see their incoming authorization requests. This functionality confused users who believed that their app was not working properly. Because of this confusion, this feature was removed. The amount of confusion created by this feature far outweighed the protection offered. In this instance, less was definitely more.

We also changed a few of the guidelines when setting up security factors to increase security and make the process easier for our users. For example, while users can still set up 4-digit PIN codes, we have increased the maximum length of digits allowed when setting it up as a security factor. The Circle Code now utilizes haptic feedback on supported devices. The haptic feedback will generate a tiny vibration when hitting the hashes to inform the user a hash has been passed over. Users can also start from anywhere in the circle path for the Circle Code. The circle path itself was also stretched to the edges of the screen. It will maintain the dragging event when pressing the screen until lifted, which again, should improve the UX when interacting with the widget.

Educating the Users

Example request

The LaunchKey mobile application already had a tutorial. Unfortunately, some users were still having difficulty understanding the process of accepting or declining authentication and authorization requests.

To combat this issue, the tutorial was enhanced to include user interaction as a way of guiding the users through the process of accepting an authentication request. The new tutorial makes sure the users understand how to use the primary interface of the product before they can link it to their account.