Rakuten Rewards
Authentication Modernization
Redesigned fragmented login and sign-up experiences into a more consistent authentication system across web, iOS, Android, and regional markets.
Rakuten’s authentication experience had become fragmented over time. Different teams owned separate login, sign-up, passwordless, and verification flows, which created inconsistent UX, duplicated logic, and compliance risk across regions.
My Role: I led product direction and UX design for the authentication modernization effort, partnering with engineering, regional teams, Legal, and DevOps. My work focused on mapping the current-state experience, defining cleaner user flows, documenting edge cases, and creating designs teams could realistically implement across platforms.
The Problem
Multiple teams were solving authentication in different ways, which created a broken experience for users and more complexity for engineering.
Key issues included:
• Fragmented ownership: Separate teams maintained different auth flows with inconsistent UI, validation, and error handling
• Compliance gaps: GDPR, CCPA, social login, and regional requirements were not applied consistently
• Platform inconsistency: Web, iOS, and Android handled authentication differently
• Complex account logic: Passwordless flows, OTP, restricted states, timeouts, and verification rules were scattered across systems
Designing the Authentication System
I used Figma to map and redesign the core authentication experience across regions and platforms.
What I worked on:
• Built end-to-end flows for login, sign-up, password recovery, OTP, and account verification
• Defined account states and edge cases, including passwordless, restricted, and full-access users
• Mapped global and region-specific account requirements
• Brought GDPR and CCPA requirements directly into the flow design
• Created UX documentation that engineering and regional teams could use as a shared reference
• Worked with Legal and DevOps to keep the solution realistic, compliant, and technically feasible
Key Design Decision:
We explored a single global account model, but it introduced too much complexity around regional consent, permissions, and compliance. We moved toward region-specific account handling so teams could support local requirements while still using a more consistent authentication experience.
Outcome
Helped move authentication from fragmented legacy flows toward a reusable, shared system. Teams could adopt more consistent login and sign-up experiences while still supporting regional compliance needs and platform-specific constraints.