top of page

Unifying Identity: Migrating legacy authentication for high-traffic e-commerce

A bit of context

The project was developed for a major Brazilian ticketing and entertainment platform that manages high-volume sales for large-scale events. I led a design squad of three (one Mid-level and one Junior) to tackle a critical business friction: account creation fragmentation.

The challenge

Our legacy system allowed multiple entry points, which caused massive account duplication and data inconsistency.

The project was a high-stakes collaboration between Design and Engineering. Our initial task was to understand the root cause of the support ticket volume and address it. This led to a plan to migrate the entire user base to a unique CPF-based* identity model, a process that involved intense technical complexity and required every single user to reset their credentials.

Role: Lead Product Designer

Period: 06/23 - 09/24

Team: 3 Designers (Lead, Mid, Junior)

Collaboration: High-sync with Engineering and Support teams

Impact: Successful migration of thousands of accounts

Core Tasks:

Design Strategy & Team Leadership

Research & Logic mapping

Information Architecture

UX Writing

High-Fidelity Prototyping

Frame 36889.png

The Discovery: Uncovering the Root Cause 🧐

Data-Driven insights & Strategic research

1. The Investigative Framework
To guide our discovery phase, we formulated four strategic questions to align our research with business goals and user needs:

Technical Logic: What does existing documentation reveal about current authentication rules?

Security: How can we enhance security and mitigate fraud risks within the flow?

User Voice: What are the primary user pain points and behavioral patterns on the platform?

Migration: How do we execute a secure user migration that minimizes support overhead?

2. Real Flow Audit
Our team conducted a deep dive into technical documentation and behavioral data to map how flows functioned across the app, site, and physical box office. We identified several critical friction points:
 

  • Support Dependency: We identified "dead ends" where users were forced to contact support to resolve simple access issues.

  • The Identity Gap: A recurring inconsistency occurred when combining Email and CPF data, particularly during high-pressure checkout moments.

  • Failure Point Mapping: We pinpointed the exact stages where errors were most frequent, causing login success rates to drop.

Flow Audit

3. Data Evidence

By cross-referencing qualitative complaints with GA4 quantitative data, our team validated the business impact of these technical hurdles:
 

  • The Checkout Trap: GA4 analytics revealed that 38.8% of users triggering the "Forgot Password" flow were already in the checkout funnel, resulting in high abandonment.

  • Access Barriers: Support data indicates that returning users frequently lose access to legacy email accounts, rendering password recovery impossible. This used to generate an average of 150 migration-related support tickets every 10 days.

  • Identity Inconsistency: Insights from tools such as Hotjar highlighted that inconsistencies in CPF or email records prevented users from completing their purchases seamlessly.

4. Looking at the industry

We analyzed direct ticketing competitors and major e-commerce players to evaluate industry standards for security and friction. Our key findings included:
 

  • Limiting Social Logins: Many players have moved away from social logins due to high recovery failure rates and lack of unique identity keys.

  • Multi-Key Authentication: Leading platforms adopt multiple access keys (like CPF) to ensure a single source of truth for user identity.

  • Security vs. Conversion: We found that successful platforms balance Second Factor Authentication (2FA) by implementing it at moments that don't compromize immediate conversion.

It was clear.

1. All users already provided their CPF during the purchase flow.

2. In our database, a verified identity was strictly tied to that document.

This led us to the Single Source of Truth concept.

The Strategy: Architecting a Unified Identity 🧭

Defining the Scope & New Authentication logic

First: Defining User Segments
To ensure a seamless transition, our squad mapped every possible user scenario. We categorized our massive user base into six distinct profiles to tailor the migration experience:

New Users

Those with no prior record in the system.

Legacy Accounts

Users who hadn't accessed the platform since 2017.

Incomplete Profiles

Users with registered emails but missing CPF data.

Offline-to-Digital

Customers who previously only purchased at physical box offices.

Third-Party Migrations

Users coming from social login integrations.

International Users

Non-Brazilian citizens without a CPF identity key.

The Core Solution: The CPF-First Model

Our team’s biggest strategic shift was establishing the CPF as the unique primary key for every account. This decision eliminated the duplication caused by multiple social logins and emails. The new logic implemented included:

  • Removal of Social Logins: Phasing out fragmented access points to prioritize security and data integrity. This was a significant trade-off, as it reduced convenience for the end user. However, since the previous practice was hurting our conversion rates, this change was necessary. 

  • Multi-Key Validation: Implementing a flexible login system where users could recover access via verified phone numbers or secondary emails. This was another trade-off we accepted to ensure the higher safety of both users and the company.

  • Dynamic Migration Flow: Designing a "reset and verify" journey that guided millions of users through a mandatory credential update without breaking the purchase flow.

image.png

⚠️ Data Privacy & LGPD Compliance 

To handle sensitive CPF data, our squad collaborated with legal and security teams to ensure full LGPD (Brazilian General Data Protection Law) compliance. We adopted a Privacy by Design approach, implementing secure encryption protocols to protect user data throughout the entire account unification process.

Inclusive Design: The International Flow

To maintain accessibility for foreign users, we designed a dedicated authentication path that didn't rely on the Brazilian CPF:
 

  • Passport Validation: Foreign users could register using their passport numbers.

  • Pragmatic Security (Manual Approval): Since international users represented a smaller segment, we implemented a manual photo-ID verification process.

  • Strategic Trade-off: This "human-in-the-loop" approach allowed us to maintain high-security standards and prevent fraud in the international segment without the need for costly, over-engineered automated tools for a lower-volume niche. Nevertheless, the workflow is designed to be scalable, allowing for AI implementation if international growth warrants it.

Low-Fidelity Validation

Given the magnitude of these changes and the critical nature of the user flow at this stage, we focused on rigorously validating the low-fidelity prototype. We tested these complex logic branches through comprehensive wireflows, which allowed our squad to:

Stress-test the logic

Mapping dozens of "edge cases" (e.g., users who lost access to both email and phone).

Align with Stakeholders 

Ensuring that the engineering team could feasibly implement the proposed account merging logic.

Iterate quickly 

Refining the 2FA (Second Factor Authentication) timing to minimize friction during ticket sales spikes.

The Final Solution: A Trust-First Experience

Delivering a Secure and Scalable Ecosystem

We designed the interface to minimize cognitive load during what was inherently a high-friction transition. We implemented a progressive disclosure model, initiating the flow with a single CPF input to dynamically identify the user's status and personalize the subsequent journey.

To mitigate the frustration of a mandatory credential reset, we prioritized high-trust microcopy, reframing the technical requirement as a proactive security enhancement. This strategic alignment between UI and communication ensured that, despite the complex backend migration, the frontend remained intuitive, transparent, and focused on maintaining user confidence throughout the purchase cycle.

Measuring Success: Post-Launch Results

Outcomes & Impact

✔️ Streamlining the Identity Journey
Our primary goal was to reduce the friction caused by the "Identity Paradox" (users with multiple legacy accounts). By unifying the database under the CPF, we achieved a more efficient authentication process, reflected in a drop of 6,3% in Sessions per User. This indicates that users are now reaching their accounts with fewer attempts and less frustration.

✔️ Reducing Recovery Friction
By establishing a unique identity key, we addressed the root cause of complex password recovery loops. The new architecture and redesigned recovery flow streamlined the process significantly, leading to a 65% improvement in speed for time spent on recovery pages. This ensures a much cleaner and more transparent path for the user.

✔️ Migration Success & Proactive Resolution
The account migration was an immediate success, with support tickets regarding identity conflicts virtually disappearing upon launch. The challenge, however, evolved. To support a segment of legacy users (approx. 5% of daily traffic) facing issues with outdated emails, our squad reacted quickly by reintroducing the Email Recovery module. This stabilized the ecosystem and ensured a high-trust experience

✔️ Operational Integrity & Scalability
The transition provided the business with a 'Single Source of Truth' for Brazilian user data. While international traffic remains a niche segment, the passport-based flow is also fully operational and scalable. This ensures the platform is structurally prepared for global expansion with zero technical debt regarding identity management.

bottom of page