Rakuten Rewards
Authentication Modernization (Product Design + PM Leadership)
Redesigned global authentication flows across regions to improve consistency, compliance, and scalability.
Rakuten’s auth system had become fragmented over time. Different teams owned their own login and sign-up flows, which led to inconsistent UX, duplicated logic, and gaps in compliance across regions.
My Role: Led product direction and end-to-end UX design for authentication, working closely with engineering and regional teams to align flows across platforms.
The Legacy Problems
• Fragmented ownership: Multiple teams building separate auth flows with inconsistent UI, validation, and error handling
• Compliance gaps: Social login and regional requirements (GDPR/CCPA) applied inconsistently
• Platform inconsistency: Web, iOS and Android all handled authentication differently
• Complex account logic: Passwordless flows and verification states (OTP, restrictions, timeouts) were scattered across systems
Designing Global Authentication (Figma)
Designed a global authentication system to support cross-region usage and compliance.
What I worked on:
• Built end-to-end flows for login, sign-up, password recovery, and OTP
• Defined account states and edge cases (passwordless → restricted → full access)
• Mapped regional differences for global vs. region-specific accounts
• Brought GDPR/CCPA requirements directly into the flow design
• Worked with Legal and DevOps to make sure everything was realistic to implement
Key Decision:
We explored a single global account model, but it introduced too much complexity around regional consent and permissions.
We moved to region-specific accounts to simplify compliance and reduce system risk.
Outcome
Centralized authentication into a reusable system, replacing fragmented legacy flows.
Teams could adopt shared login and sign-up experiences without breaking regional requirements.