UX security patterns in banking: my learnings and trends for 2026

The main focus of UX Yeah! is to share experiences, practical insights, learnings from real projects and trend analysis. In this post I want to talk from my experience working in the banking area in a project focused on improving security, one of the most critical pillars within this sector.

This project left me with several lessons that I consider valuable, especially for colleagues who work or want to work in digital financial products, where UX and security cannot go their separate ways.

Today, with the accelerated growth of artificial intelligence and increasingly easy access to tools to automate attacks or develop hacking projects, banks have been forced to pay more attention to digital security. This has prompted closer work between UX, product and engineering teams to strengthen authentication, password management and access control criteria, both in mobile applications and online banking.

During the research phase of the project, focused specifically on usage patterns and password creation, I realized that most banks in the Caribbean still use very old login and password management patterns.

This is, to some extent, understandable. Many financial institutions operate with outdated frameworks and technology stacks, and in the banking sector change does not happen quickly. A simple functionality pilot can take one or even two years, depending on internal bureaucracy, regulations and approval processes. Banking is certainly a very different ecosystem than a startup or a traditional tech company. But that doesn't mean it can't evolve.

Login

Even in 2026, we still find banks that maintain the username and password on the same screen. It's a pattern that has worked for years, but if we look at global companies like Amazon, Google, Gmail, X or even ChatGPT, we will see that the modern standard separates these steps. More than just a trend, this approach responds to well-informed security and UX decisions, among them:

- Make automated attacks such as credential stuffing more difficult.
- Analyze suspicious behavior before requesting a password.
- Enable additional challenges (CAPTCHA, 2FA, contextual validations) between the username and password screens.
- Reduce unnecessary failed attempts.
- Prevent the user from “blaming” the password directly when the problem lies with the username.
- Validate the existence of the username before allowing the next step.

Separating the login flow not only improves security, but also enables smarter, more adaptive and less frustrating user experiences.
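A sketch of the decision a split login flow makes after the username step and before any password is requested. This is an added example, not code from the project described in the post; the class name, thresholds and step names are assumptions, and the events are constructed.

```javascript
// Added example: what to show after the username step of a split login flow.
// Thresholds, field names and step names are assumptions, not values from the post.
const WINDOW_MS = 10 * 60 * 1000;  // look back ten minutes
const MAX_USERNAMES_PER_IP = 5;    // many different usernames from one address
const MAX_FAILURES_PER_USER = 3;   // repeated failures against one account

class LoginGate {
  constructor() {
    this.events = []; // { ip, username, ok, at } for each finished attempt
  }

  record(ip, username, ok, at) {
    this.events.push({ ip, username: username.toLowerCase(), ok, at });
  }

  // Uses request signals only, so the answer is the same whether or not
  // the submitted username belongs to a real account.
  nextStep(ip, username, knownDevice, now) {
    const name = username.toLowerCase();
    const recent = this.events.filter(e => now - e.at <= WINDOW_MS);
    const namesFromIp = new Set(
      recent.filter(e => e.ip === ip).map(e => e.username));
    namesFromIp.add(name);
    const failures = recent.filter(e => e.username === name && !e.ok).length;

    if (namesFromIp.size > MAX_USERNAMES_PER_IP) return "block";  // stuffing pattern
    if (failures >= MAX_FAILURES_PER_USER) return "second_factor";
    if (!knownDevice) return "captcha";
    return "password";
  }
}

// Constructed sample: one address tries a sixth username within seconds.
const sampleGate = new LoginGate();
["ana", "ben", "carla", "dario", "elena"].forEach((u, i) =>
  sampleGate.record("203.0.113.50", u, false, 1000 + i));
console.log(sampleGate.nextStep("203.0.113.50", "felix", true, 2000));
```
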

Password

Surprisingly, in 2026, we still see banks that have not refactored their password creation, validation and reset processes.

Reports of most-used passwords continue to show dangerous patterns:
“123456”, “Password2024”, “Admin123”, “qwerty123” or even combinations with personal information such as birth dates, names of family members or pets that users expose publicly on social networks.

This type of practice seriously compromises customer safety. What can be done from the UX and product side?

Key recommendations:
- Communicate clearly to the user when their password is weak, acceptable or strong, using simple, visual and non-intimidating language. Security is also a matter of education.
- Avoid the use of personal information and limit, from the frontend or backend, common or previously compromised passwords.
- Provide contextual information within the interface about the importance of a secure password and its real impact on account protection.

The password should not feel like a punishment, but rather a protection tool that the user understands and values.
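The recommendations above, as a password rating function that returns one of the three levels together with a plain-language message. This is an added example, not code from the project described in the post; the length thresholds, the profile fields and the four-entry blocklist are assumptions (a production blocklist would be a large list of common and breached passwords).

```javascript
// Added example: weak / acceptable / strong feedback for a password form.
// BLOCKLIST is a tiny constructed sample; thresholds are assumptions.
const BLOCKLIST = new Set(["123456", "password2024", "admin123", "qwerty123"]);

// Constructed sample profile, as the bank would already hold it.
const SAMPLE_PROFILE = {
  firstName: "Luisa", lastName: "Perez", petName: "Rocky", birthDate: "1990-03-15",
};

// Names plus the birth date in the forms people usually type it.
function personalTokens(profile) {
  const tokens = [profile.firstName, profile.lastName, profile.petName]
    .filter(Boolean).map(s => s.toLowerCase());
  if (profile.birthDate) {                       // expected as "YYYY-MM-DD"
    const [y, m, d] = profile.birthDate.split("-");
    tokens.push(y, d + m, m + d, d + m + y, d + m + y.slice(2));
  }
  return tokens.filter(t => t.length >= 4);      // skip fragments too short to matter
}

function ratePassword(password, profile) {
  const lower = password.toLowerCase();
  if (BLOCKLIST.has(lower)) {
    return { level: "weak", message: "This password is very common. Try another one." };
  }
  if (personalTokens(profile).some(t => lower.includes(t))) {
    return { level: "weak", message: "Avoid names and dates that others can find out." };
  }
  if (password.length < 10) {
    return { level: "weak", message: "Use at least 10 characters." };
  }
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter(r => r.test(password)).length;
  if (password.length >= 14 && classes >= 3) {
    return { level: "strong", message: "Strong password." };
  }
  return { level: "acceptable", message: "Good. A longer phrase would make it stronger." };
}

console.log(ratePassword("Rocky!Blue#River77", SAMPLE_PROFILE).level);
```

The same function can run in the browser for live feedback and again on the server, which is where the decision to reject a password is enforced.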

Authentication

In the context of banking applications, biometric authentication is no longer a flashy innovation but an expected standard. Fingerprint, facial recognition or device biometrics are no longer perceived as extra layers, but as a natural and invisible way to access sensitive financial information.

From a UX perspective, biometrics significantly reduces friction in one of the most sensitive moments of the journey: access.
Remembering complex passwords, repeatedly entering codes or facing unnecessary lockouts leads to anxiety, errors and abandonment.

Biometric authentication removes much of that cognitive burden and allows the user to focus on their real objective: consult, transfer, pay or manage their money without unnecessary interruptions.

Security in digital banking can no longer be designed as an isolated layer or as an obstacle that the user must “overcome.” In 2026, the most robust financial products will be those that understand that a good user experience is also a security strategy.

Separating login flows, educating about passwords, implementing biometrics intelligently, and designing systems that detect suspicious behavior without punishing the user are decisions born of UX as much as engineering. The real challenge for banking is not just to protect systems, but to build trust through clear, humane and consistent experiences. Because when security is designed well, the user doesn't feel it... he simply trusts.

About UXYeah!

Stories & design insights by Luis Ogando

UX.Yeah! by Luis Ogando @2026. All Rights Reserved.