Code Room
System design | Medium | sd-g238
Subject: Authentication
Level: Mid–Senior
~35 min
Common in Security · Networking & APIs interviews
Industries: Technology, Software development

Question

Design the multi-factor authentication and account-recovery subsystem for a 200M-user identity provider supporting TOTP authenticator apps, SMS/voice OTP, and hardware security keys, with brute-force and credential-stuffing protection, and a recovery flow for users who lose their second factor. The login path peaks at 100K verifications/sec. Walk through how factors are enrolled and stored, how verification stays fast and abuse-resistant, and the security trade-offs in account recovery.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
