A Trust Liability Turned Brand Moment — how a stalled, undefined login project became a governed system entry point for every cloud customer.
As the platform expanded its cloud offerings, the login experience became the primary entry point for customers accessing multiple products and tenants. Functionally, it worked — but visually and behaviourally, it lacked consistency, clear messaging, and polish.
The project had originally stalled in 2023 due to undefined requirements. Two years later, a simple mockup I created sparked renewed interest. I was tasked with a refresh — but I quickly identified that a visual update wouldn't suffice. The flow had logical gaps, ambiguous feedback, and inconsistent branding. I took ownership of rebuilding the login experience from the ground up: intuitive for users, rock-solid for engineers, and aligned with the Shield Design System.
User feedback, internal reviews, and my own audit surfaced critical problems across the authentication journey:
I approached this not as a single "redesign" but as a series of targeted refinements addressing each problem at the root cause.
I conducted a screen-by-screen audit to align the login journey with the Shield Design System. I standardized spacing scales across all screens to reduce visual noise, aligned header sizes, form labels, and helper text, and corrected focus and error states to meet WCAG AA standards. The result: the login flow felt like a stable, unified product rather than a collection of loosely related pages.
Users previously saw static messages that caused uncertainty. I reworked the authentication status to be explicit — "Signing you in..." — and paired it with a clear loading indicator. This directly addressed the support ticket pattern around users abandoning login assuming the system was broken.
Generic labels were replaced with specific, high-confidence CTAs: "Verify," "Send Code," "Reset Password." I added supporting microcopy under each action so users understood the consequence before committing. In security workflows, ambiguity is a trust problem, not just a UX problem.
The login experience doesn't start at the login page. I unified the visual language for "Forgot Password" and post-login "Context Switching" screens. I simplified copy to explain why a user might need to select a tenant. I eliminated unnecessary round-trips that forced users back to step one. I also added a portal dropdown in the Workforce Passwords UI to help admins distinguish which environment they were accessing — a real confusion point in multi-tenant setups.
I refreshed logos, product names, and alt text across all touchpoints — including invite emails and deep links. I also addressed the MFA confirmation screen: replaced static instruction text with a countdown timer for TOTP codes so users had a live signal on when to request a new one.
The second, more strategic layer of this project involved the login page's visual background — and a trust problem that went beyond copy and layout. User feedback had surfaced concerns about the existing side imagery: it felt dated, didn't align with the brand's evolution, and for security-conscious admins, the sudden URL change combined with an unfamiliar-looking page was raising phishing red flags. An engineering ticket explicitly called out that users were mistaking the new login page for a phishing attempt.
I authored SDS-5676, the Shield Design System story for updating the login screen background. I framed the requirements around six specific criteria that would make the login page durable and trustworthy:
During the cross-functional design review, I participated alongside the design lead, a product designer, and an engineer working through two layout options: texture-only versus background with a side image. I flagged that the side image approach carried compounding risk — imagery ages, requires repeated update cycles, and introduces visual noise that competes with the one thing users need to focus on. The decision the team agreed on was to remove the side image entirely and proceed with texture-only. This wasn't a rejection of the image concept; it was a deliberate deferral pending Marketing's brand direction confirmation.
I captured the full decision rationale in the Design Decisions Log — a structured documentation system I created to make design rationale discoverable and auditable for cross-functional decisions.
I initially treated the login screen like a standard form — using inline errors. I quickly learned that authentication errors come from the backend, not the UI, which dictated a shift to banner-level alerts. It taught me that design must reflect system architecture, not just visual conventions.
The project didn't stall because of bad design — it stalled because of undefined behavior. Once I mapped out the logic, edge cases, and error states, the path to production became clear. This reinforced that my role isn't just to make things look good, but to untangle complexity so the team can ship.
Not everything shipped in this cycle. The following items were documented and tracked before handoff: