Inspiration

We were inspired by many things such as Google Authenticator, the Duo Authentication app, Yubico’s Hardware Security Keys, and we combined all of these ideas into one big idea for our solution.

What it does

On the signup (create an account) page, the user is taken step by step through a list of authentication methods, with the most secure presented first, then the next most secure, and so on. The least secure option (password-based authentication) is offered only if they are unable to set up hardware security keys (HSKs), passkeys, an authenticator app, or even OTP. The purpose is to steer users away from low-security options like passwords and toward higher-security options like hardware security keys.
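The fallback order described above can be enforced as a small state machine, so that a weaker method is only ever offered after every stronger one has been reported as not possible. This is an added example, not the project's own code; the method identifiers, outcome names, and the `SignupFlow` and `simulate` names are assumptions made for illustration.

```javascript
// Added example: method names and their order are assumptions based on the description above.
const METHODS = ["hardware-security-key", "passkey", "authenticator-app", "otp", "password"];

// Outcomes a setup attempt can report (hypothetical names).
const ENROLLED = "enrolled";
const UNABLE = "unable";

class SignupFlow {
  constructor() {
    this.index = 0;       // position in METHODS currently being offered
    this.unable = [];     // stronger methods the user could not set up
    this.enrolled = null; // method that ended the flow
  }

  // The only method the page may present right now (null once finished).
  currentOffer() {
    return this.enrolled ? null : METHODS[this.index];
  }

  // Record the result for a method. Rejects any attempt to jump ahead,
  // so a password can never be chosen while a stronger method is untried.
  report(method, outcome) {
    if (this.enrolled) throw new Error("flow already finished");
    if (method !== this.currentOffer()) {
      throw new Error(`"${method}" is not on offer; current offer is "${this.currentOffer()}"`);
    }
    if (outcome === ENROLLED) {
      this.enrolled = method;
    } else if (outcome === UNABLE) {
      if (this.index === METHODS.length - 1) throw new Error("no weaker method left");
      this.unable.push(method);
      this.index += 1;
    } else {
      throw new Error(`unknown outcome "${outcome}"`);
    }
    return this.currentOffer();
  }
}

// Drive the flow with a constructed capability map (sample data, not from the page).
function simulate(canSetUp) {
  const flow = new SignupFlow();
  while (flow.currentOffer()) {
    const m = flow.currentOffer();
    flow.report(m, canSetUp[m] ? ENROLLED : UNABLE);
  }
  return { enrolled: flow.enrolled, unable: flow.unable };
}
```

If the same ordering is also checked wherever the account is actually created, a modified client cannot skip straight to the password step.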

How we built it

We began by conceptualizing the authentication flow, sketching out the main idea and framework on Excalidraw. Once the basic structure was in place, we moved to the development phase, coding the flow using HTML, CSS, and JavaScript to create a basic prototype. We first focused on building the sign-in page, presenting authentication options clearly and making sure they were functional. After that, we moved on to creating the sign-up page, allowing users to create a mock account. From there, we implemented the sequence of authentication methods, recommending a list of secure options to users, starting with the most secure and falling back to less secure methods if necessary. The website is published on GitHub Pages and is live at https://lraj22.github.io/cui-ctc-2025/.

Challenges we ran into

Figuring out how to implement Orkes into our project was a challenging task, as the Orkes workshop was quick and we had difficulties figuring out what blocks to use in our Orkes workflows. But in the end, we used Orkes to make a workflow for our approach and it all worked out. Combining all of our ideas into a single idea was also challenging, because it took some time to compromise with each other on the best features to implement. For example, Amogh thought of CAPTCHA and Lakshya thought of security keys. In the end, we compromised and worked together to add all the features into one solution that works best.

Accomplishments that we're proud of

Creating the mockup was our proudest accomplishment. Additionally, being able to integrate Orkes into our project was a big accomplishment as well, as it allows us to draw out the path of how data is transferred from the user to the website to an AI program to a Discord webhook.

What we learned

We learned a lot more about cybersecurity through the project, especially about the limitations and drawbacks of many new authentication methods. We learned that while newer methods like hardware security keys and passkeys offer better protection, they also have drawbacks in terms of widespread adoption, accessibility, and device compatibility.

What's next for Higher Security Signup Flow

In order to make the app more suitable for user use, we want to add more methods of user access, such as Sign in with Google. Additionally, integrating the Orkes flow into the site would be a future goal, encouraging safer methods of login, influencing a positive impact.
