Better Authentication
for Online Adults

How might we improve the digital authentication mechanism to better serve the needs of older adults?

UXR
Product Development
Project type: User Research, Digital Product Design & Development
Duration: Feb '20 - May '20
Collaborators: Western Bonime, Olivia Seow & Azury Lin

Context

Most of the commonly available digital services were not designed through an inclusiveness lens. This is especially apparent with how online access management and authentication processes were designed.
We are told to use 'strong' passwords to keep our accounts secure, yet they are difficult to remember without storing them somewhere. Older adults often write their passwords on paper or rely on their loved ones for authentication. This leaves them incredibly vulnerable and dependent on others to conduct online activities. Studies have found that people over 65 are incredibly vulnerable to online scams and identity theft.
My team explored if there could be a better way to provide access management and authentication services to older adults, while making sure the solution is feasible, desirable & affordable.

Process

We developed the final concept in 3 stages as outlined below.
We collaborated throughout the process with tech clubs for older adults, activity centers and retirement homes. We observed the password management process for people of all ages and conducted in-depth user interviews and usability studies. We also spoke to experts in cybersecurity, access management and inclusive design.

Findings

One of our key findings is that a good solution for this problem should rank high on usability, security and control metrics. Often we see solutions with 'minimal steps' in an effort to improve usability; however, the lack of explanation of why certain data points are requested and how they will be stored can hurt the solution's perceived usability and the user's sense of control over their data.
We found that most older adults do not trust online data storage, which is why they would always decline push notifications from a browser to store their passwords. We started exploring what drives trust in access management and authentication solutions. Often these solutions appear as a 'black box' and do not explain clearly how sensitive data is stored online and how data leaks can be prevented. These solutions often handle edge cases poorly (e.g. when accessing email from a different location), and often leave users locked out for long periods.
We explored three concepts that could potentially better meet user needs. All three explored alternatives to online password storage.
We landed on the concept of developing an email client as the main interface for access management, because:
  • Email is widely used as an online authenticator
  • Email is the most used online service by older adults
  • Email clients can be personalized, and we found significant room to improve the email experience
We also explored leveraging offline data storage to enable this authentication concept and evaluated its technical feasibility.

Final concept

Introducing BOLT - an offline password management tool that synchronizes with your email.
Business model, current traction, solution architecture and offline encryption are confidential. For more information please email mmurad@mit.edu