Overview
BA was 14 months into trying to launch MFA. Real disagreement between cyber security, tech, and product had stalled the project, every function had a defensible position, and "no decision" had become the default outcome. Customers were still without modern account protection.
I was brought in to unblock it.
How do we ship MFA that protects customers without breaking trust in the login experience, and get five business functions to agree on the path?
TL;DR
Took a 14-month stalled project to first design decision in 4 days
Aligned 5 business functions on a shared customer-first plan
Shipped to production in 6 sprints
Caught a critical usability flaw in pre-launch testing before it reached a single customer
My contribution
Product Design
Facilitation
Expert Interviews
The team
1 × Product Manager
1 × Product Designer
6 x Business stakeholders
Year
2023
Process
Why it had stalled
The disagreement wasn't dysfunction, it was three legitimate priorities pulling against each other. Security wanted maximum protection. Tech wanted feasibility inside existing infrastructure. Product wanted minimum impact on conversion. None was wrong; all of them couldn't simultaneously win.
The job wasn't to pick a winner. It was to surface the tradeoffs so the org could commit.
A 4-day decision sprint
I ran a modified Design Sprint structured around three workshops:
Alignment — map the problem, surface the disagreements, agree the goal
Solution — generate and converge on a single approach
Decision — commit to the path and the tradeoffs each function accepted
Day four was prototyping and moderated user testing.
The unlock was doing the conflict work before the workshop. I ran expert interviews with each stakeholder one-on-one, so I went in knowing every position, every red line, every soft spot. The room became a place for converging, not arguing.
The synthesis from the stakeholder interviews.
A closeup of the map exercise from day 1 of the sprint.
The 2 year goal, sprint questions and the area of focus for the sprint.
The concept gallery heatmapping.
A screenshot from the moderated user testing conducted.
A hero image of the final outcome.
Outcome
What customers told us
All participants completed the MFA task. The core flow worked
Strong appetite: every participant spoke positively about MFA finally arriving at BA
The "nominees" feature (a trusted contact who could receive codes) was opted out by every participant, the explanation was too complex, the mental model was wrong
The nominees finding was the most valuable output of the sprint. We scoped it out of v1 before it shipped, saving the engineering build and the support load that would have followed a confused launch.
Impact
14 months of stagnation → 4 days to first decision
5 functions committed to a shared plan
MFA shipped to production in 6 sprints
A usability landmine caught before customers met it
What I took forward
Stalled projects are usually unnamed tradeoffs, not bad people. Surface the real disagreement and the room unsticks itself.
Do the conflict work before the workshop. One-on-one expert interviews mean the room is for converging, not arguing.
Test the explanation, not just the flow. Users completed every task but couldn't articulate one feature. That's the difference between usable and understood.