A mobile authenticator for signing into Gazprom ID services. Millions of authorizations pass through it every day — and every SMS costs money. GID Key replaces SMS with TOTP and push notifications.
PROBLEM
The product was heading to release without onboarding — a new user opened an empty screen with no idea what to do. Without an added key the app is useless, so users go back to SMS. The business goal goes unmet. On top of that, in-app ads were being planned as a revenue stream — a model that directly contradicts the idea of fast, frictionless login.
The first CPO saw no reason to touch the product. Arguments didn't land until data appeared: competitive analysis, a Kano diagram, and prototyping results. The deciding factor was speed — the new version was twice as fast as the old one. After the CPO change, the new lead got interested in the findings himself, and the rest of the work was done together.


SOLUTION
First service onboarding
17 in-depth interviews revealed something unexpected: most new users had never added a service on their own — it was always done by an IT specialist. SMS wins not because it's better, but because it's predictable — users know where to find the code. The authenticator offered no such predictability. A competitive analysis of 9 products confirmed it: every single one greets users with an empty screen — no onboarding with first-service setup exists on the market.
Right after registration, the user lands on the "Connect a service" screen, not an empty home screen. There are two paths: scan a QR code or add the service manually. The instructions are built into the flow, not hidden in settings. The screen can't be skipped: there's no going back until the first service is added.
Comparative prototyping confirmed the hypothesis: average time to first login was 21.75s in the new version vs 45.33s in the old one. Participants completed the setup independently, without any prompts.



Manual Entry as an Alternative
For those who prefer entering data manually, there is an alternative screen with fields for service name, login, and secret key. Instructions for finding the key in a specific service are also included.


Push Notifications
The key barrier from research was predictability. Users choose SMS because they know where to find it. Push solves this: the code arrives on the lock screen — just like SMS, but without delays or duplicates. No need to open the app and search for the right service. Repeat login in the prototype: 0.40s vs 3.63s in the old version — on par with Google Authenticator.


Offline and Universal Search
TOTP codes are generated locally — no server connection needed. Universal search finds a service across keys, subscriptions, and the catalog simultaneously.


Holding Ecosystem
Authenticators with subscriptions are a failed model: all have negative reviews, and users see paid access to a basic feature as deceptive. The working model is ecosystem-based: value first, extras later. Users see all their subscriptions, active and expired. An expired Rutube or Premier subscription is an entry point: from here you can go directly to the service and renew. Subscriptions sync automatically when signed in via Gazprom ID.


WHAT WE'LL MEASURE AFTER LAUNCH
Share of SMS logins — SMS currently accounts for a significant portion of all authorizations in the ecosystem. Every SMS costs money — reducing that share is the business goal. Hypothesis: moving part of SMS users to GID Key will deliver measurable savings.
Share of users who added their first service in the first session.
Time from first launch to first copied code.
Subscription conversion through the "Services" section. Traffic from GID Key to holding services.
Built in 2026 in 5 weeks.