User Experience and Information Security Implications of Digital Identity Wallets

Abstract

Digital identity wallets allow users to store their digital identities and verification documents, such as ID cards or passports, in one place on their devices. However, research shows that digital identity wallets have significant user experience (UX) and information security (InfoSec) problems. Users often have difficulties understanding the functionality of digital identity wallets, leading to instances where personal information is inadequately stored or shared with untrustworthy parties. In addition, UX and InfoSec can negatively influence each other. Therefore, it is important to consider UX and InfoSec together during evaluation and improvement. In this paper, we first present a UX evaluation in which 24 test subjects tested a prototype with a digital identity wallet to exchange credentials with a mobility platform. 4 prototype variants were evaluated, which differed in terms of their authentication method. The idea behind the division was to create situations where the mutual implications become visible, that is, where UX impacts InfoSec, and vice versa. We present the main UX evaluation results, which were obtained by applying the evaluation methods of thinking aloud, eye tracking and two questionnaires, in order to initially gain important UX evaluation insights of the prototype variants and the prototype as a whole. In addition, we discuss InfoSec implications derived from the UX evaluation results through discussion with experts in the field of InfoSec and usable security.

Publication
14th International Conference on Information Communication and Management. ICICM 2024. Paris.