
Week 21 - Sprint 6, Explaining the basics of Continuous Authentication, quickly

Back to basics

Last week we had some great results - both qualitative and quantitative insights. Nielsen (2000) and Co. say 5 is the ideal number of user tests for quick heuristics to work out the majority of kinks before diminishing returns. However, throughout the project, we’ve found a number of people that still don’t understand the full implications of continuous authentication, even after talking for an hour and a half about it. Our main theory is that the “continuous” aspect of it is the hardest to understand. The current common mental model is that authentication is binary: you put in a password or use your fingerprint to log in. You either are logged in, or you’re not. The mental model we want to develop is that authentication is a gradient: you’re always logged in to some degree.

So this led us back to a critical issue and the question leading this sprint. How do you communicate a complex concept like this to a credit card user who just wants their card to work with minimal thought?

Question for the sprint:

How do we communicate what Continuous Authentication is, how it works, and what value it provides?


For these short one-week sprints we’ve found it especially helpful to split into two teams of 2 and 3 each. This way we get two parallel ideas with possibly a few prototypes of each to test. Our two tests this week both centered on this basic communication problem but in different media: a concept video to hone our explanation of the concept, and another iteration of the onboarding UI through a bank app.

Concept Video

We thought a video could be a great way for us to concisely script the explanation we give to anyone who asks, “Hey, what are you working on with that capstone project?” We discussed back and forth what the difference is between a concept video and a commercial. We had some very creative ideas - ranging from a story about hikers on Mount Everest, to people walking around with virtual vaults behind their shoulders, taking cues from Harry Potter. In the end we went with a basic conversational piece, the way you would explain the concept to a friend, due to the need to explain many parts of the concept directly, and for time and ease of filming. Writing the script to make it feel natural was no small feat!

This video ended up being a great part of our user tests later in the week.

Onboarding UI

We've already fielded a few versions of the onboarding UI in different contexts before, but are continuously (no pun intended) honing the messaging. One question specifically here is: how much do people actually want to hear about the ins-and-outs of the data collection versus just signing up for something that will be more secure overall? So we tested three options:

  1. Only one sign up option. Are you in? Yes or no.
  2. 4 options - You get to toggle to opt in to NuData's 4 "layers"
    1. Device Intelligence
    2. Behavioral Analytics
    3. Passive Biometric Verification
    4. Behavioral Trust Consortium
  3. 4 plus more - The above four options with even more granular toggles for specific parts of each.

Merchant Checkout Flow

We also gained insights on the merchant side with a checkout flow for Pizza Hut’s mobile site. This tested a few items, from how users may feel if merchants opt in for them and it just works, to being pushed back to their banks, to the ideal flow after they opted in.

For the most part this sprint switched the focus back to security, but we also had a good number of comments about users seeing the convenience benefits too.

Our User Testing Plan

This time, with input from Raelin Musuraca, a faculty advisor and Client Research Strategist at BNY Mellon, we approached our user testing a little differently.

In the past, we would show users all of our prototypes in the same order. We got great feedback, but we never thought about how the feedback might be affected by rearranging the order in which people interact with our prototypes. This time, we decided to show different users different prototypes first.

With this round of testing, we had three categories of prototypes we had to test:

  1. The video
  2. The Onboarding UIs (3 different versions)
  3. The Pizza Hut Checkout Flows (3 different versions)

We had a great range of people we user tested with this week: an undergrad in their early 20s, an unemployed person in their 30s, an older lady in her 60s, and a young professional in their late 20s. We decided to take our user test participants through different sequences. Some saw the video first, others onboarded through the Citibank prototypes first and saw the video last, and others went through the Pizza Hut checkout flow first, using continuous authentication to pay before they really knew what it was.

User Test Findings

Overall, we really succeeded in communicating what continuous authentication is. People understood the benefits to security (which didn’t fully come through in the past) as well as the convenience aspects.

All our participants were positive towards the technology - we didn’t find users being creeped out as they have been in the past (for example while interacting with our Lemonade Stand prototype). This may be due to these users understanding how the technology works much better than past participants.

The video proved beneficial for all our users on Friday, either clarifying the concept they had of continuous authentication, or confirming it. It may be slightly long, however, which may be a detriment, and we’re looking into ways we can condense it, or reshoot.

We did face some issues with the Pizza Hut checkout flow, not getting much feedback from users while testing. We may have to conduct an internal heuristic evaluation and tweak it before further testing.

Next week: New York City!

Next week will be super exciting - we are going to the Big Apple! We have the privilege to visit Mastercard’s Digital Payment and Labs group in Union Square. For two days we will be getting feedback on our prototypes, hosting expert interviews to explore business, tech, and design issues, and hosting codesign sessions with various teams.

So far it seems like our deliverable for the end of the summer will be an example of onboarding for this continuous authentication service as well as examples of implementation for merchants and banks. This could change very easily but it’s what we’re going with for now. Next time you hear from us, it’ll be from NYC!