Password 360

class project @ UC Berkeley School of Information

To incentivize people with risky online security behaviors to form better password management habits.
TEAM —

Ayo Animashaun, Ching-Yi Lin, Jing Xiong, Maggie Chen, Yejun Wu

MY ROLE —

︎ Research
︎ User Interviews
︎ Ideation
︎ Wireframes: Newsfeed & Accounts
︎ Mockup: Newsfeed

Keywords: Ditigal Security, Behavioral Economics, Habits

BACKGROUND —

Security of Personal Information

Passwords protect people’s accounts, which contain their personal information. While there are password management services like LastPass and 1Password in the market, people have surprisingly poor habits when it comes to managing their passwords, because:

Inadequate incentives to protect
Non-rivalrous
Externalized harm
Unknown harm from breach
Difficult to establish causality

How might we help people adopt better digital security habits using behavorial economics principles?

One of the important aspects of digital security is passwords to various accounts online. It is one of the first gatekeepers to sensitive personal information online, yet through our user interviews with 11 people, we found that there are a lot of room for improvement in people’s password management habits.

INSIGHTS —

Spectrum of Password Management Habits

Most people fall on the lower end of the spectrum, with a few exceptions of Password Manager super users. When asked why they use the same password for everything, here are people’s answers:

“I don’t have faith in my own memory (for complex passwords).”
“I have nothing to lose.”

TARGET USERS —

Two Ends of the Spectrum

We initially target people who are on the “unsafe” side of behavior spectrum, those with one password, using either autofill or mental recall to remember passwords. With Password360, they can see how their security practices impacts their families/loved ones’ security.

When we have more product adoption, people who are on the “safer” side can also be reached through existing users with poor or “unsafe” behaviors. These users can see where their family members are in terms of digital security. Once they adopt the product, they also can act as catalysts to push family members to join Password360 and adopt better habits.

PROCESS —

User Flow

Key customer activities include:

Store, retrieve and manage all their passwords
See how secure they and their family members are online
Get tips on how to improve their security
Get alerted when family members’ accounts have been compromised

Wireframes

From there, we built out wireframes for 4 key screens where users perform key activities like:

Invite or join a family
Add/sync accounts
View security scores of their own & family members’
Get updates about their family member’s account activities

Welcome screen:
Invite or Join

Manage Account

Security Score

Newsfeed

DELIVERABLES —

Password360

We aim to Improve password management habits to improve digital security and reduce potential for breach and privacy harms, especially:

Improve incentives to protect
Internalize harms to self and others
Quantify potential harms from breach
Surface notions of causality

Behavioral Economics principles used:

Thinking, Feeling, Constraints: We humans have feelings and emotions (surprise!)
Enactment Models: Develop community norms for certain behaviors
Intertemporal Choice: Our present self vs. future self think differently
Risk Behavior and Choice under Uncertainty: We are loss averse, and our risk preferences change based on if we are in the loss/gain domain.

Family Commitment

Join by invitation from family, or create an account and invite family members .

Manage Accounts

Manage all your accounts and passwords by categories.

Security Score

View your security score and your impact on others whom you care about.

Newsfeed

View family's real-time activities and alerts when a family member's account is breached.

Security Report

Receive a monthly security report by email on the status and changes in your personal and family security score.