Relatively unheard to most folks in the early 2010s, password managers became big news after a succession of high-profile hacks got broad coverage in the news media. Suddenly, people who had long ago discarded password security advice in favor of sticky notes (and their grandparents) began to worry. Were their accounts secure? What did secure even mean?
Looking to capitalize on this burgeoning awareness, many firms geared up to fulfill the new consumer need for security. Lastpass and 1password are just a couple examples of commercially successful password managers, not including browser-based (and now mobile OS-based) technologies to assist in the process. Biometric security tools like Apple's touch and faceID blossomed in an era of identity theft paranoia.
There was one big area that these solutions typically eschewed: Identity Management. Ad blocking software developers were advertising ID management features, typically to a fairly tech-savvy audience—people who know what cookies are and may even be using a VPN to mask their browsing habits from their ISPs and advertisers. But outside of this audience, the public at large wasn’t sure what constituted good security practices.
Privowny, a French software development firm based in Aix-en-Provence, aimed to fill this gap. By providing a service that paired password generation and management, ad blocking, and identity management services. Privowny's name alluded to their aim: To Own your Privacy online.
Facebook scandals brought broad awareness and concern over the sale of users' personal data. Privowny's aim was to mask your own identity behind a platform that would give individual users the power to control and lease elements of their personally identifying information. Instead of allowing advertisers to continue profiting off of their information, users could instead leverage it as needed and profit from it. If it’s valuable enough for advertisers to pay for it, why are people giving it away for free?
Privowny sought to pair this long-term vision of privacy with a feature set that met the more immediate needs for ID theft protection tools. They found an investor in Assurant, the insurance agency based in Atlanta, who wanted to leverage the tool as a free identity protection suite for their phone insurance customers. Assurant brought in stable|kernel as a consulting partner to assist in the development of Android, iOS, and eventually browser plug-in UX/UI design and research.
Over the course of a year, working closely with the team in France, I developed messaging with a tech copywriter, conducted several stages of research (everything from personally conducted moderated in-person qualitative studies to agency-facilitated remote unmoderated prototype testing), consulted on naming and brand development, and personally led a one-week design workshop on-site in Aix-en-Provence to revitalize the user flows. There, we worked together to revise the design language of the software in order to achieve consistency across operating systems, all while striking a balance of tech and ease-of-use to hit as broad of an audience as possible.
hour-long in-person qualitative interviews with 5 different users at a testing facility in atlanta, GA who were screened and all possessed some knowledge of identity theft and password managers.
We also developed wireflows for a clickable prototype test and ran through 30 different moderated online tests to evaluate onboarding/signup process and sales messaging.
before/after android onboarding workshop revisions
From the start, Privowny and Assurant faced serious competition. In 2018 Apple's iOS platform was just beginning to incorporate native password management, and thus were beginning to put the brakes on several apps in their app store that they viewed as competitive. Lastpass, for example, found themselves in hot water for skirting around VPN settings Google's Android platform was also beginning to incorporate these features,
Furthermore, most consumers just didn't know what they needed. Although common understanding of privacy concerns was greater than it had ever been, folks still weren't grasping the difference between the different identity protection tools Privowny was offering -- and they were offering quite a few. While we advised Privowny to focus on a more focused tool set and a specific audience to get an initial foothold in the market, they believed their best course of action would be to sell themselves as an all-in-one tool to manage passwords, block ads, protect your browsing traffic, and more. And they would do this for everyone - tech-savvy, tech-wary, tech-indifferent. Professionals, grandparents, college students.
Designing a consistent user experience across desktop browsers and iOS/Android presented its own set of challenges. Browser-based plugins offer a ton of flexibility and power in terms of what they're able to do for user, but they come at a cost. Many users are suspicious of aggressively marketed browser plugins, recalling the many times they've served as gateways to malware that slowed their computers down. (Our research showed users were immediately turned off if added security came at any cost to speed of browsing). Users we tested with in 2018 indicated they were more immediately trusting of native apps, which if anything is probably just an indication of lower awareness of malicious applications. Platform restrictions meant we couldn't easily reach feature parity with iOS and Android, and the workarounds the Privowny team found were awkward for the non-techie crowd. Setting up the application on an android device could take anywhere from 10-15 minutes, requiring multiple hops back and forth between pages of settings to enable VPN certificates, for instance.
Research showed that the best chance we’d have of attracting users and getting them to stay would be to attract them to the simplest features first, and progressively disclose more advanced features as they got used to the tool. We focused on streamlining the onboarding process to reduce the biggest opportunities for friction and raise adoption rates.
Through the course of our year-long engagement we maintained our aim to produce software that worked well, solved a clear problem, and was easy for users to understand. Although our partnership got off to a rocky start, I was pleased to have the opportunity to visit the team in France for a week, and by the time we passed the torch back to them, everyone working on the project had grown to respect and appreciate each others’ offerings. Plus, I mean, I got to go to the south of France! Even with my high school level French and full-day workshop agendas, it was a treat to get to see a new part of the world.