You own the user authentication flow for a consumer payments app. The current login path supports password sign-in and session tokens, and you are seeing increased account-takeover attempts against high-value users. Product wants to add a new authentication feature without weakening existing protections or creating a support burden.
How would you design the authentication feature end to end so it resists spoofing, token theft, and brute-force abuse while still failing safely? Walk through the controls and trust boundaries, and explain how you would verify that the design works as intended in production.