The client’s original MFA relied solely on email verification codes, which provided security but often caused friction for players who needed fast, mobile-first access to their accounts. Email delivery delays, inbox access issues, and rising expectations for seamless login experiences highlighted the need for change. The client set out to modernize its MFA by enabling its mobile app to act as an authenticator with push notifications and OTPs, while also supporting third-party authenticators like Google Authenticator and Duo. The timing was critical: with player growth accelerating and account compromise risks rising, the client needed a secure, player-friendly, and ecosystem-oriented solution that aligned with industry standards.

To meet these goals, the team extended MFA capabilities through a dedicated MFA Factor API, supporting lifecycle management of mobile MFA factors and TOTP verification. Integration with the client’s notification service enabled push-based approvals for login attempts, reducing reliance on email while providing players with a secure, mobile-first option. These changes ensured that the client could deliver a modern authentication experience tightly integrated with its player ecosystem.

Appliscale engineers, embedded across backend and client SDK teams, were key to delivering a unified MFA system. By taking an API-first approach and defining clear contracts, we ensured smooth coordination across multiple systems and anticipated every possible failure case to keep players informed and supported. This cross-team collaboration bridged gaps between backend APIs and client SDK logic, resulting in a cohesive, modern MFA solution that works seamlessly across PC, mobile, and console platforms.

The new MFA system has seen strong adoption, with players increasingly choosing mobile authentication as their primary method. This not only strengthened account security but also increased engagement with the client’s app ecosystem, making it a more integral part of the overall player experience. Security teams benefit from reduced account compromise risks, while product teams gain from higher app adoption and deeper ecosystem integration. Beyond immediate improvements, mobile MFA now lays the groundwork for future enhancements, such as discouraging unauthorized account sharing and expanding security features across the client’s growing platform.