Security by Design: Balancing UX with System Integrity

Securing user data and preventing financial loss through "Intentional Friction"

The Hidden Cost of "Seamless" UX

Our user-centered, frictionless "Account Creation" and "Password Reset" flows were inadvertently creating major security gaps. By giving specific feedback (e.g., "This email is already in use"), the interface confirmed whether an address had an account, which exposed the platform to:

  1. Enumeration Attacks: attackers could harvest our user database by testing addresses against the form.

  2. GDPR Violations: accidental disclosure of personal data (the fact that a given person holds an account).

  3. EDoS (Economic Denial of Sustainability) Attacks: automated bots triggering expensive welcome SMS messages, creating financial risk.

Implementing "Intentional Friction"

I redesigned the authentication flows to prioritize system integrity over convenience. We shifted logic to the backend and standardized the interface:

  • Generic Messaging: all users now see the same "Check your email" prompt, regardless of whether an account exists, so the response itself reveals nothing.

  • Unique Links: the distinction moves out of the UI and into the email, which only the address owner can read; the system sends a "Log In" link to existing users and a "Verify Account" link to new ones.

  • Improved Defense: integrated Cloudflare Turnstile and rate limiting to throttle bots and brute-force attempts, which also caps how many costly messages a single actor can trigger.
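The backend half of this pattern, as an added illustration that is not code from the original project: a single handler that returns one identical response whether or not the address is registered, decides the link type internally, and rate-limits by both client IP and email so a bot cannot run up messaging costs. The in-memory user table, outbox, URLs and limits are constructed placeholders; the Turnstile check is assumed to happen before this function is called.

```python
import secrets
import time
from collections import defaultdict

# Constructed stand-ins for a user database and an email provider.
USERS = {"alice@example.com": {"id": 1}}
OUTBOX = []  # each entry is the message that would be sent

# The only thing the UI ever receives, regardless of account state.
GENERIC_RESPONSE = {"message": "Check your email for a link to continue."}

RATE_LIMIT = 5          # requests allowed per key per window (assumed value)
RATE_WINDOW = 600       # window length in seconds (assumed value)
_RATE = defaultdict(list)


def _rate_limited(key, now):
    """Sliding-window counter keyed by IP or by email address."""
    recent = [t for t in _RATE[key] if now - t < RATE_WINDOW]
    _RATE[key] = recent
    if len(recent) >= RATE_LIMIT:
        return True
    recent.append(now)
    return False


def _issue_link(kind):
    # Unguessable single-use token; "login" or "verify" decides the route.
    return f"https://example.com/auth/{kind}?token={secrets.token_urlsafe(32)}"


def request_account_link(email, client_ip, now=None):
    """Handle the 'enter your email' step for sign-up and password reset."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    # Throttled callers get the same generic answer; we simply send nothing,
    # which caps message cost per IP and per address without leaking state.
    if _rate_limited(client_ip, now) or _rate_limited(email, now):
        return GENERIC_RESPONSE
    # Both branches do the same work (one token, one queued message), so the
    # response text and its cost do not differ between known and unknown users.
    kind = "login" if email in USERS else "verify"
    OUTBOX.append({"to": email, "kind": kind, "link": _issue_link(kind)})
    return GENERIC_RESPONSE
```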

Protecting the Vision

During final QA, a critical misalignment occurred: the QA team flagged our intentional ambiguity as a "UX bug" and attempted to revert to specific error messages, which would have reintroduced the enumeration gap.

I halted the release to realign the cross-functional team on the security requirements, and successfully advocated for the "friction" necessary to maintain data privacy.

Protection Over Convenience

By choosing security over standard usability shortcuts, we achieved:

  • Platform Security: Effectively blocked data scraping by competitors and bot-driven SMS costs.

  • Higher Lead Quality: Improved the Sales department’s pipeline by filtering out low-intent, automated sign-ups.

Closing Remarks

Note to self: Sometimes a designer’s highest value isn't "delighting" the user, but protecting them.

Copyright 2026 by Arman Kırım