Eaze Passwordless Login
Eaze's login system hadn't been touched in years. We were still using the classic email + password combo while our customers had moved on to expecting one-time password (OTP) authentication everywhere else. The outdated approach was hurting us in two critical ways: security breaches from compromised passwords and a 15% abandonment rate at login that was costing us real money. I led the design effort to implement passwordless authentication using an OTP, resulting in an 11% increase in login conversion and $189K in monthly incremental revenue, one of the highest-impact projects in Eaze's history.
My role
Lead Designer responsible for the end-to-end experience. Designed the authentication flows, ran usability tests, and worked with engineering through implementation and A/B testing.
Problems
Security vulnerabilities - We experienced an uptick in sign-in related attacks from hackers using leaked email/password combinations from other breaches. Login friction - Our analytics revealed concerning drop-off rates:
- Only 85% of users who viewed the login page successfully logged in (15% abandonment).
- 11% of users abandoned the login process entirely after starting.
- 48% of users who initiated password reset never completed it.
- Support tickets for forgotten credentials were at an all time high.
Research & Discovery
Competitive analysis - My PM and I evaluated 10-15 competitors across delivery and other industries to understand emerging authentication patterns. The findings were clear: OTP-based passwordless login had become the new standard, particularly for mobile-first experiences. Customer insights - Customer calls revealed that one-time passwords were not just preferred—they were expected. Users were already familiar with this pattern from other apps, particularly on mobile (where 80% of our traffic originates).
Solution
After testing iterations, we landed on a simple approach:
- Single input field accepting either email or phone number
- OTP sent to the user's chosen method
- Resend functionality for failed deliveries
- Legacy email + password fallback (hidden behind a link to reduce cognitive load)
- Auto-fill support for both iOS and Android devices
Technical Challenges
Unverified phone numbers - We discovered thousands of legacy accounts with unverified phone numbers from a period when verification wasn't required at signup. Since these users had never placed orders (verification was required for purchase), we made the decision to remove these unverified numbers from our database rather than create a complex workaround. SMS provider reliability - Cannabis businesses face unique challenges with SMS providers who often suspend services without warning due to federal illegality concerns. This happened multiple times during my tenure at Eaze, requiring us to build robust fallback mechanisms. A/B test complexity - Our testing infrastructure could randomly reassign users between test buckets on subsequent logins, potentially showing them different flows during the test period. We had to carefully design the experiment to minimize confusion.
Experiment
Duration: 7 days
Sample Size: ~7,300 users per variant
Type: Fixed horizon A/B test
Confidence Threshold: 95%
Results
The numbers exceeded every projection:
- Login conversion increased 11.18%
- Password reset attempts dropped 88.80%
- Revenue per user jumped 10.60% ($189K/month)
- Checkout conversion improved 9.12%
Reflection
There may have been no need to re-invent the wheel for logging in, but there was still plenty of Eaze specific details that made every second of planning and every iterative change worth it to create the best login experience possible. The cannabis context added complexity around trust, provider reliability, and regulatory concerns that a typical e-commerce product doesn't face. But by focusing on user needs, we delivered a solution that felt effortless to customers while navigating our industry-specific challenges.
