iAM Smart App Digital Identity Project - HKSAR Government

The Registration Conundrum: Security vs. Usability in Government Authentication Apps

Unlike a commercial product that prioritizes usability and business value, this government-initiated project prioritizes security over usability because it concerns the digital identity of all citizens.

This case study focuses on the registration process of an authentication app that allows Hong Kong citizens to use the government-verified digital identity to access different online services.

Role.
Senior UX Researcher

Team.
Ping An Technology Experience team
1x Senior UX researcher (Shanghai)
2x Interaction designer (Shenzhen)
2x UI designer (Shenzhen)

Scope.
Service design - kiosk flow | counter flow
UX Research - Workshop facilitation | User interview | Research analysis
UX design - Usability test | Prototyping
UI design - Handling accessibility | User flow

Overview.

I worked as a Senior UX Researcher, hired by Ping An Technology as a vendor on an electronic identity project for the HKSAR government. I joined the team mid-project and took on key responsibilities, including preparing and facilitating co-design workshops with diverse users aged 11-75. The co-design workshop involved usability testing and in-depth interview sessions to ensure seamless user experiences.

My objectives were two-fold: to enable users to register and utilize the app effortlessly, free from friction, while also gathering valuable feedback from top management to inform improvements and enhancements to the app.

Background.

In 2017, the Hong Kong government introduced free electronic identities for residents through various digital infrastructure projects. The iAM Smart app serves as a single sign-on platform, addressing issues such as password fatigue, forgotten credentials, and authentication challenges.

iAM Smart offers user-friendly features like auto form-filling, customizable notifications, and digital signing with legal backing, making it easier for citizens to access online government and commercial services securely and seamlessly.

User Challenges.

How might we design a registration experience for government authentication app that is universally accessible to users with varying levels of digital literacy, across different ages, and particularly for those with disabilities?

Different methods to hold and scan the id card
Co-design workshops discovered the 2nd method, which can avoid the light reflection on the id card.

Business Challenges.

How might we design a project governance framework that streamlines communication and approval processes across multiple departments and levels of management within the government? (efficiency office, OGCIO, Immigration department, Legislative Council)

How might we navigate and influence product marketing and branding decisions for the project, given limited direct access to stakeholders and a separate agency responsible for these functions?

Mismatch branding style between the app and the marketing materials
Different vendors work on different marketing materials for this project without any design guidelines

Research.

Ensuring User-Friendly Design

To cater to users across various age groups, I aim to create an intuitive app experience that empowers individuals with limited mobile app knowledge to register and use the app seamlessly.

Usability Testing and Prototyping

  1. ID Card Scanning: Conduct usability tests on different ID card scanning prototypes inspired by best practices from virtual banking apps.

  2. Face Recognition Process: Conduct usability tests on various instruction and visual cue combinations for the face recognition process, ensuring optimal clarity.

  3. User Description of the App: Conduct in-depth interviews with diverse age groups to distill a precise description that helps the general public understand the app's purpose.

Collaboration and Testing

  1. Government Department Collaboration: Facilitate open communication between government departments and the tech team to ensure everyone understands the technical limitations affecting the registration phase.

  2. Offline-Online Registration Flow: Conduct role-play sessions in kiosks and tablet environments to guarantee a smooth offline registration experience that integrates seamlessly with the online flow.

12*Codesign workshop (focus group & usability test) from 12-75 & kiosk testing with disabled

Research insight.

ID Card Scanning Challenges

Despite design iterations, users aged 40+ struggle to complete the ID card scanning process, with some failing to proceed due to technical issues.

Design Variations and Performance

  • Gender-based differences: Male users perform better with a 3D indicating spot, while female users prefer using a frame.

  • User frustration: All age groups express difficulty with taking three shots of an ID card from different angles. However, after understanding the app's purpose, they acknowledge the process as essential to prevent identity misuse.

Face Recognition Issues

  • Inadequate instructions: The one-gesture instruction for face recognition ("turn your head to the left and back to the centre") leads to technical difficulties.

  • Insufficient AI capabilities: The system struggles to recognize users who turn their heads too quickly or excessively, causing eye-tracking issues.

Citizen Behavior and Expectations

  • Low adoption of online government services: Citizens are hesitant to use the one-stop platform "mygov.hk" and instead directly access individual service sites.

  • Misalignment with government expectations: This behavior diverges from the government's intended approach, highlighting a need for reevaluation.

Comparison between two methods of scanning HKID cards for different angles
Most male users think the red dot reminds their gaming experience, making it easier for them to adjust the angle, while some female users do not understand the dot at all.

Users need to take around a minute for taking the first angle of the id card
Most users will ignore the instruction and demonstration gif.

Users seldom browse government service sites through "mygov.hk" (one-stop platform),
which differs from the government's plan.

Proposed solutions.

Create clear alternative flow For users with less mobile phone experience and disabilities To register the app on different platforms And improve the adoption rate

Create precise in-app guidance on the registration process For all users To complete the registration flow intuitively And improve the adoption rate and user satisfaction

Create comprehensive marketing materials and campaign For general public To understand the need for the security measures on registering the app, the different types of registration platforms for different users with different needs and how they can benefit from the app And improve the adoption rate and net promoter score

Strategic Recommendations

Given my limited control over product marketing, I recommend that the government emphasize the importance of digital identity, positioning iAM Smart as an equivalent to a physical ID card. This approach will help the public understand the necessity for robust security measures during registration.

Marketing and Promotion

To effectively communicate this message, it's essential to:

  1. Platform-specific promotion: Encourage each service platform to promote iAM Smart functions when they roll out support.

  2. Clear messaging: Ensure that marketing materials clearly convey the significance of digital identity and the importance of strict security measures during registration.

User Support

To alleviate difficulties with registration, I'm focusing on:

  1. Alternative registration methods: Providing options for users to register using physical ID cards or receiving assistance from staff.

  2. Intuitive instructions: Tweaking instruction copy to make the registration process more user-friendly and intuitive.

Design.

Intuitive In-App Guidance

Our usability tests reveal that most users ignore instructions and demo GIFs during registration. To address this, we've introduced precise in-app guidance, including:

  1. Audio guides: Designed to calm users and provide instant cues as they progress through the process.

  2. Contextual support: Users will only review instructions if they encounter difficulties at any stage.

Clear Alternative Flow

To ensure a seamless experience for users who struggle with registration, we've implemented a clear alternative flow, which includes:

Sub-feature for alternative registration: When users fail to complete any registration stage, the system prompts them to:

  1. Visit a kiosk or counter: Directing users to a nearby location where they can receive assistance and complete the registration process.

  2. Audio guides have been added to assist the registration process, and audio cues will be played along with the scanning session

  3. Once the users fail in any of the registration stages, the timeout prompt will guide users to register in kiosks or register in counters with staff assistance.

Audio guides have been added to assist the registration process, and audio cues will be played along with the scanning session

Once the users fail in any of the registration stages, the timeout prompt will guide users to register in kiosks or register in counters with staff assistance.

Learnings.

Lessons Learned

While there's room for improvement, I'm excited about the project's progress and the lessons we can learn from it.

  • User feedback: We've received valuable insights from users who have encountered difficulties with ID card scanning. This feedback will help us refine our process and make necessary adjustments.

  • Government engagement: Although we may not have had the opportunity to implement all of my proposals, I appreciate the government's efforts to promote digital identity and provide access to various services through iAM Smart.

Opportunities for Growth

As we move forward, let's focus on:

  • Product marketing campaign: Developing a targeted campaign that highlights the importance of security measures for digital identity and encourages users to register through counters and kiosks.

  • User-centric design: Embracing user feedback and conducting qualitative interviews with senior citizens and the disabled to better understand their needs and preferences.

Key Takeaways

  1. Complexity can be an advantage: A robust registration process may seem complex, but it's essential for ensuring security measures are in place.

  2. User behavior analysis: Understanding how users interact with our platform and identifying areas where we can improve will help us create a more user-friendly experience.

  3. Collaboration is key: Working closely with stakeholders, including government departments and the public, is crucial for developing an effective solution that meets everyone's needs.