A surge in account takeovers (ATOs) by malicious actors led to a significant increase in compromised user accounts. To enhance security and rebuild user trust, my product manager and I collaborated on introducing a secondary authentication flow triggered when a login attempt came from a new or unrecognized device. When a new device was detected, users were prompted to verify their identity by entering a one‑time code delivered via SMS. This added layer of protection helped deter unauthorized access and reinforced user confidence in the platform’s security measures.