Facebook security email redesign

I was the sole content designer for a year-long project to redesign Facebook’s security emails (accounting for tens of millions of daily sends), in collaboration with Product Design, Engineering, and cross-Meta stakeholders. The project led to fewer account takeovers, faster unlocking, and increased benign accounts MAU, and was featured in a Company Q&A and Facebook All-Hands.

Facebook security emails (e.g. login alerts, security codes) are critical to account access, but the designs were outdated, inconsistent, and unclear, leading users to not heed them and making it easier for hackers to take over their accounts.

The team brought me aboard to lead the content design strategy and execution for 40+ emails (accounting for >99% of total security email volume) owned by various teams.

Principles and design template

• I pored through UX Research and tests related to security emails and created a set of design principles.

• Rooted in these principles, my Product Design and I created a scalable security email design template, which we applied across the audit and continues to be leveraged across Meta.

Content changes

• I focused on making the content simpler, more action-oriented, and adding information we hadn’t shared before (e.g. what to do if the link expires).

• I partnered with the content designer overseeing all emails across Meta to bring the emails in line with Meta standards for subject lines, CTAs, etc.

• I added annotations to support localization.

Leading the design effort

• I secured approvals on all 40+ emails from all stakeholders.

• When our PM was pulled away on other priorities, I stepped in to drive execution.

• When a regulatory requirement arose, I quickly aligned a cross-Meta team on priorities and content updates for Facebook and Instagram.

• I tested the emails before launch, uncovered gaps, and collaborated with Engineering to fix them.

• The project exceeded the team’s goals, with fewer account takeovers, faster unlocking, and increased benign accounts MAU. Highlights include:

  • Fewer takeovers after redesigning one alert email, including subject line change from “Your recent Facebook login” to “Did you just login to Facebook with a code?”

  • Fewer takeovers after redesigning compromised account unlock email, including subject line change from “Someone may have accessed your account” to “Unlock your Facebook account”

• The work was highlighted in a Company Q&A and Facebook All-Hands.

• Redesigns were later scaled for a wider Facebook email audit requested by the VP of Facebook.