Code Room
System design · Hard · sd-g236
Subject: Session management · Level: Senior–Staff · ~40 min · Common in Security interviews · Industries: Technology, Software development

Question

Design risk-based / step-up authentication for a fintech app: most actions need only a valid session, but high-risk actions (wire transfer, changing payout bank, adding a new device) require re-verifying identity (step-up to MFA), and the risk decision must consider signals like new device, impossible-travel geovelocity, transaction amount, and recent password change. Latency budget for the risk decision is ~50ms inline with the request. Walk through how the session carries auth strength, how the risk engine decides, and how step-up is enforced without a clunky experience.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
