My immediate thought was about their Authy Desktop app - looks and feels like a web app in a container. If someone gets access to that then boom, all your 2FA tokens are stolen.
> They wanted a specific sentiment for the site and this sentiment excluded 'professionality'.
I think sometimes people can be less trusting of the "professionals", and instead prefer something a bit more independent.
In a previous role we'd built some flashy new landing page + initial flow designs, highly polished, to replace some pretty ugly ones. Our customers were perhaps people who'd had bad experiences with some of the big brands.
As everything at the company was very data-driven, we put the new designs live in an A/B test with the existing ones. It didn't take long to get the statistical significance to prove that the old scrappy designs converted way better.
That was an eye-opening for me; Always done A/B testing where I can since then.
Time to find an alternative.