Awesome. So, hi, I am Rachel Sung. I am a senior scientist researcher at Frown Hofer Institute in Germany. My focus is in socioeconomic research and the field of identity management and lately, over the last few years or five years, I've been focusing more also on the user experience side of things. And that brings me to what I will talk to you guys all about today, which is the best and worst practices, at least some of them of the user experience of digital wallets. So as one of the themes of this conference is digital wallets, I assume that many in the audience are a part of the various initiatives, organizations, or projects that are implementing different aspects of the digital identity wallets. And many of them have a user-centric approach. And while many of these pilot projects have a lot of cool and important technical functionality with high security and privacy for widespread adoption, that's not enough.
And this brings me to the importance of user consideration for adoption. And especially since many privacy friendly solutions do require that the user learns different new like interaction patterns or a a lot of work in processing new, new topics for them that maybe not always gives them the perceived benefits of why they need these, these new processes. This could also lead to the users just not adopting it. So the last few years I've been conducting a lot of various user studies and user research on digital wallets. Three of the main projects that have funded all of these research initiatives has been the decide project, which was a project that started in 2019 and 2020. So you can imagine that the digital wallet space was already very different back then to now, but we had, yeah, the opportunity to look at some of the newer SSI and decentralized identity management technologies around wallets at the start, so to say, where we did a lot of different user studies and also created prototypes where we also implemented or tried some of our designs, design guidelines that we, we came up with.
And this has all kind of been channeled into two of the current projects that I'm working on, the m gov for EU project. It's also another EU project under the Horizon 2020 grant initiative. And this one is focusing mostly on, yeah, the end users of mobile governmental services and of course digital, digital wallets. And then the other project that has sourced a lot of this of my research is the ones project, this is underneath the German National Wallet Pro. Yeah, wallet initiatives, the German showcase wallets. I'm sure there's a few of our other com competing friendly competition digital wallets for the German national wallet hopefully in the future. So of course we all have the same goal to develop a user friendly digital wallet that balances security, privacy, and of course user experience to get hopefully a full adoption one can hope. So I'll start off positively with presenting some the five best practices in the design of digital wallets.
I would like to give a a short disclaimer, just because there are five of them, it doesn't mean that that is all of them. There are plenty of other things that we could include into this list, but these are basically the five best practices that we found from our research. So I will go into detail for each one of them in case you missed it. So the first one is having an automatic backup. So regular backups, as we all know, should definitely be performed, especially when you're dealing with such personal data and credentials in a wallet. However, they should be automatic, like it should not be something that the user really has to think about manually doing. And having it automatic also enables the user to relieve their mental loan and to still have these FE features that are very important. So go automatic backups. The next is to have a user friendly securing of the wallet and its functions. So as the wallet of course handles very highly sensitive data, it's important to maybe remind or enforcing the user to have a secure and a sufficiently long passcode. And ideally in com combination with having a secure and user-friendly biometrics against unauthorized access as a fundamental security requirement. So we definitely recommend having a layered model of protection approach.
And next up is having a simplistic and modern design. So while most of us are probably passionate about identity management, I know it's a general statement. Unfortunately in our user studies, they aren't as passionate as us. It's more of a means of an end to complete a task or get from A to B. So the wallet itself should also just assist them in to getting from point A to B. They just wanna get there as quick as possible. So having a simplistic and a modern design will help to not distract them and yeah, encourage their way and to make sure that it's reachable and recognizable and bonus points if it's fun to use. Yeah. Okay. Number four, a quick launch of the application and overall responsiveness. So as I just mentioned, for many users the wallet is just a tool, so it should be very, yeah, seamless and maybe even follow the motto, keep it functional. So keep it as simple as possible and yeah, seamless. And number five, this one is kind of a tricky one, but yeah, offering tutorials or demos to educate the user. I would maybe adjust this to having just support of like for the users to understand maybe different aspects that could be confusing for them.
Tutorials we've had that experience that it's like hit or missed. So there's definitely the people who will see the tutorial, they'll do the tutorial right at the beginning, but then there's some that are like, oh no, this is, this is too much. I just wanna get to what actually I'm using. And then they just skip it and then they're confused later. And then if they have the opportunity to go back, they do so usually. So it's good to have these kind of like aspects of supporting the user to educate them or to inform them on different aspects as they wish. So having multiple ways to do this is usually useful, but also ideally the basic wallet function should be as self explanatory as possible. I know it's a lot to ask. Yeah. So now we're moving on to the seven worst practices in the design of digital wallets.
Okay. I'll let you guys take a picture. I guess these slides will be available online later. Yeah, so the first one, using technical language, while we may know what these terms mean, a lot of users are very confused or even skeptical when they see like credentials, claims, DIDs, seed phrases, they're, they actually start to distrust the digital wallets or the tools and then they don't want to use it. They're like, oh, what am I using? Like, and I'm supposed to put my personal data in here and I don't even know what this actually means. So they're not familiar and usually the user's also not really interested in looking it up on Google, even they just stop using it. So maybe try to avoid this or maybe come up with other terms that are maybe more relatable to the user. Of course, I'm not trying to go against transparency, which is also a really important factor, but maybe there's a way to inform them if they want to know, okay, what does this like maybe basic term mean?
And then you can use the technical language there. So yeah, anyways, so on to the next one, structuring the app according to the DID concept and not the established mental models of the user. So users are not yet familiar with the concept of verifiable credentials and the decentralized triangle of trust between issuers, users, and verifiers. So this leads to it not really being intuitive for them. And if the design doesn't match the mental models of the users, of course operating errors are probably going to occur as a result and therefore further hindering the adoption from the users.
Okay. Third worst practice is non-transparency or no explicit information for the user's storage of data. So even if the applications follow the SSI concept, and sometimes data might be stored still on a central or cloud servers. So we found that solutions often lack transparency or consistency in communicating this. And also this kind of confuses the average users of where is their data, especially the ones that are like actually actively looking to see where it's going or how it's being stored. So ideally the goal would be of course, to create an understandable way for the users to access and manage this backed up data.
So this is kind of reflecting one of the best practices, but we actually found this as a worst practice is little support for the users. So offering, yeah, various help sections or different ways to support the user in understanding these new processes is very, yeah, helpful in educating them or getting them on board to using such a tool. Yeah. Another big one is no recoverability. So most users have the expectation that they should, if they should come into any problems, so if they lose or break their phone that they should be able to recover it, right? Especially if it's something that has all of your data. However, we found in many wallets, they don't have this recoverability function yet. And this is definitely a very, a key function that should be, yeah, offered and offering recover recovery methods that are also unfamiliar or maybe more confusing could also lead to further complications. So it, it ideally would be something that is simple and familiar process to allow them to recover their wallets.
Okay. Another big one is no portability, so no wallet known to us. Feel free to prove me wrong. There I am. I'm hoping that all of these are wrong actually eventually as we grow in the digital wallet space. But yeah, so no wallet is known to us that so far can, has implemented a conveniently, a wallet that can conveniently transfer all accounts and credentials to another wallet. Yeah. So this is inconvenient and creates a lock in that the S s I concept actually originally claimed to avoid. So another challenge there. So users should of course be provided with something that's simple and familiar to be able to transfer all of their accounts and credentials to another wallet if they show, please.
Last but not least, we have backup methods that are insufficiently implemented. So wallets are often not highlighting the importance of creating a backup and more over the understanding of different forms of the functionalities can also create to confusing the user even further by including menno phrases and and whatnot. So yeah, this could lead to of course, more confusion from the user as we've seen in our, our studies and hopefully should probably be avoided. Yeah. So in conclusion, technical functionality and high security solutions alone are probably insufficient for adoption. So it's also, I would like to say very important to not wait until the very end to include user experience. Yeah, maybe these functions are confusing to the user, but always to have in mind how these functions will be implemented and how they will be actually applied and how the user will understand it. So there's a lot of different ways to include user studies, even in the beginning of development that will save a lot of time, effort, and money at the end. So you don't have to change it after something is already working or already through the development process. So I'll get off my soapbox shortly. Yeah. So of course understanding the users and their, their requirements are essential for the adoption of these technical solutions.
Yeah. So as I already disclaimed, this may not be a complete list, but it is a start. And actually all of these results are in a paper that I've recently published or will be published on June 15th. So here's a link to the website for the conference. Eventually there will also be the link for the paper. It's a public paper and it doesn't just include these best and worst practices, but it also includes design guidelines of how to better integrate it into technical solutions. So it's a little bit, it's a lot more detailed than this, so here's your sneak peek. But yeah, so with that, that's all I have. Yeah, thank you.
So thank you very much. Before we ask any questions, Don Thibo, who you probably know from a open id, he's a famous person, has just got a few words to say over to Don.
I'm sorry, if I could just interrupt the flow for a moment. I wanted to make a special note here that Ra Rachel is the winner of the Open ID Foundation scholarship to attend this
Conference. Thank you.
That scholarship program is meant to increase the diversity of our community and in particular, to reach out to the academic world to bring them into the conversation about the evolution of our marketplace and the people that we want serve. So for those of you that are interested in supporting the Kim Cameron award program, you can hear more about it tonight, but I just wanted to point out, I think that's very successful. Grant awardee.
Thank you. So over to Shikha further questions.
First, I would look towards the audience. Do we have any questions in the audience? Yes, sir.
Rachel, are you seeing in the work you are doing that people are planning for inclusion when they create wallets?
What do you mean by inclusion?
So are they designing the wallet to make sure it's inclusive and you'll be operated by everybody?
Ah, yes. Yeah. Typically this or, so, usually when I'm a part of a wallet project, we, we do have a set of user experience requirements and we always try to include many different types of users because of course, the wallet should be available for everybody of, of all different skill levels or backgrounds or age groups. And this is of course, is another challenge that should be included in user experience research. Thank you.
I also asked this question in online, so you can ignore that one. Okay. I was not completely clear on the protocol. Thank you for, for this presentation. There was one remark you made that puzzled me a little
I I am completely with you. If you say we need to mimic user flows that that end users can relate to. Yeah. But then you said, but the d i d concept is something that users don't get, and I think there are lots of problems with d i ds i, I I I believe they are mostly in, in the trust model space. Yeah. Not so much in the usability space because I, I, I feel that it's a very intuitive model that you go somewhere, get some sort of credential, and then at some point in time will them again to, to get a service. So I, I was curious what your thoughts are on, on that.
I think maybe there was a, maybe a, a brief misunderstanding. The concept itself, I'm not per se against, I'm just against like being so technical about it. Like if it just, if it helps the user get from A to B, that's great, but sometimes if it includes like the did phrases or things like this, this can be confusing for the users. So it was, it was more from that angle. So I think we're still on the same page. Cool.
Hey Rochelle, thank you for a very nice presentation, a comment and a question. My, my comment is that I think, and it really strikes me that none of the recommendations that you field have any, have any presence or, well, that's not correctly worded, I guess, in the current recommendations that the European Commission is writing for the implementation of wallets. So I think that's a really big challenge and a really big problem leaving, leaving all of this to the wallet developers, basically.
Yeah. I mean, oh wait, sorry, I don't, well,
No, that, that must remark not really the question, but I I, I, yeah, completely welcome your, your thoughts on that as well. Of course.
Yeah. Thank you. Yeah, so I wouldn't say that it's something only for the developers to consider, but I do think that the developers have a lot of power in, in this step or in this, the, the development of, of the digital wallet. So of course, it's, it's something that we all should carry with us or should have in the back of our minds to consider for the future digital wallets. Yeah. I, I know that we are, we are trying to get into more yeah, EU digital wallet projects and that there is some interest to include more of a user-centric approach, at least, which is a good step and usually also includes user experience research in these projects. So hopefully we can keep that up. But I agree with you. Great. O
Okay. Well thank you very much to Rachel.