Utilizing UX in Understanding Biometrics Preferability
A while ago, one of our customers — I’ll call them “The Company” — was evaluating our technology and how our solutions could address some of their challenges and needs.
At the beginning of the process the testing was quite straightforward. Their engineering department communicated with ours and most tests were all about is it working, and how well our technology works, and is it stable, can they implement it into their products, is it an SDK, API or something else, etc.
Once all these answers were successfully answered and The Company confirmed that our technology and solution worked well, is stable and could provide what they need, their engineers implemented our tech into their product. The Company and our QA team tested everything, and confirmed it all worked great.
Now that it was implemented into their product, The Company had a serious dilemma. Since we provided six different biometric authenticators out-of-the-box, they didn’t know which ones they wanted, or which ones they liked. They were confused as to which ones to deploy to their users, which ones will users would like or hate, so they did what ultimately most companies would do, and gave controls to the end-user by enabling all six biometric authenticators hoping that people would enroll and use either all of them, or a subset of preferred ones.
The one thing they didn’t see happening is people getting confused, annoyed and frustrated with their newly upgraded app with all these fancy security features and so many different biometric modalities from which to choose.
They came back to us with a question of which modality they should deploy and restrict in order to fix the constant confusions and frustrations of their users.
As I always like to say, design is everywhere! And everything needs to go through a design process in order to better understand what people are doing, how they are doing it, why they are doing it, and how technology can help them do it better.
And so we launched a series of research for four different biometric modalities, mainly to understand what people know about biometrics, what do they think they are, and how they feel about biometric authentication.
Testing Methodology for Decentralized Biometric Modalities Preferability
General User Research:
- The first step was 20–30 minute user interviews via telephone with people who use smartphones, to learn how and where they utilize biometrics in their daily usage of their mobile devices.
- Then, we took to the streets, stopping people in the middle of the street with just few questions: Are you using biometrics on your device? If YES, then we proceeded to ask them how, for which apps, and why. Guerrilla style interviews allowed us to get more genuine and direct answers from people, since they were not expecting us and did not script their answers for optimal structure.
Customer User Research:
We created two types of approaches to identifying which biometric modalities the end-users would prefer using as their default method in The Company’s specific app:
- Group Approach: A designated group of test-pilot users were divided into four groups. Each group was assigned a different biometric modality and they used the app with only one biometric modality available to them based on their group. For the next month we tracked their usage of the app and introduced a Rating Screen after a biometric authentication that would appear randomly based on The Company’s decision. The screen had a five-star rating selection plus a 300-character limited input field for written feedback.
- Time Approach: This approach was a bit different, yet simple. In it we introduced all four modalities to the entire group for one week, then we turned them all off and introduced a single biometric modality for the entire group for just one week, and we changed the modalities each week for the next 4 weeks of the test period. We used the same Rating Screen approach of a randomly appearing inquiry after biometric authentication, and collecting star ratings and written feedback.
Why we did all this research?
We could have done just the General research and presented it to The Company so they could just adjust which modality to deploy to their users based on the findings. Or we could have done the tests with our customer and figured out what their users preferred.
But, we decided to expand our horizons and make sure we don’t only test and refine for a specific group of users, but rather identify general trends among the public and the targeted users.
By combining our findings from the general user research and customer user research we were able to identify the most preferred biometric modalities by people and more specifically by our customer’s users. Based on these results, The Company introduced only two of the most preferred modalities to their users and were able to successfully deploy the test-pilot, minimizing confusion and frustration and increasing app usability.
Biometrics are one of the most secure ways to authenticate, whether a user is tech-savvy or not. Our unique identifiers such as fingerprints, our eyes, or our faces are there and as simple to use as breathing. However, if technology introduces incorrect modalities for incorrect groups of people, or allows too many choices that might create confusion over which one is better and why, this can create negative sentiment about biometric authentication.
Companies must be careful with such technologies. One simple mistake of which modality is being deployed to which group of people, can cause the entire product to fail.
When deploying biometric authenticators, it is also important to know is going to use it and for what purpose. Accessibility is also a consideration. Visually impaired or blind people may have serious issues using eye recognition or palm recognition as their main authentication methods. Hearing impaired or persons who are deaf may be less able or unable to use voice authenticators, and the like.
The lesson for The Company, for us, and even for you is know your users, know how they will be using biometric authenticators, and in which instances!
