We ran a design sprint on adoption and usability of crypto wallets. Our focus was specifically on the wallet creation process and on making it more fun and usable.
This challenge was selected based on the idea that storing a password on paper or memorizing it isn't good enough for the mass market. Done by Oleg Bugrovoy, Eugene Reznik, Stas Varetsky and Max Semenchuk.
Most wallets today offer a mnemonic phrase and sometimes private key export. Gnosis Safe is researching recovery mechanisms that leverage know-your-customer (KYC) providers via smart contracts.
If users lose access to their funds, they could use a decentralized network of KYC providers to verify their identity and rotate the keys on their wallets. The Opera mobile browser's built-in crypto wallet uses Touch/Face ID for authorization. Burner wallet keeps the private key in browser cookies so funds can be used and withdrawn quickly.
We've tried to understand whether
- users want the improvement in the authorization process
- we can make a more seamless experience on mobile devices
Previously we had already tested a solution that encodes the private key into a picture.
From the initial brainstorming, a couple of solutions emerged. The selected solution included a security slider. Since users in different contexts may prefer different levels of security, we offer a few options to choose from:
- No password — for one-time use, e.g. food tokens at a conference or a workshop/game setup
- Touch/Face ID — for storing small amounts of crypto, specifically for dapp usage, etc.
- Social backup (Sharing with friends) — allowing specific trusted people to help recover the keys. Can be a good solution for family and team contexts (e.g. a wallet for mom)
- Mnemonic — the standard seed phrase option
We haven't dug into the technical details of each option; that may be the subject of further research. The current task was to test the change in user experience and identify the benefits and concerns.
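The sprint did not specify how "social backup" would work under the hood, so the following is an added example, not code from the sprint or from any of the wallets mentioned. It assumes the secret to back up is a 32-byte private key or seed and uses Shamir secret sharing over a prime field: the key is split into n shares, any k of which rebuild it, while fewer than k reveal nothing. The friend names and sample key are constructed.

```python
"""
Threshold ("k-of-n") social backup of a wallet secret via Shamir sharing.

Added example (assumption: a 32-byte key; field GF(2**521 - 1)), not the
design sprint's own mechanism.
"""
import secrets

# 2**521 - 1 is a Mersenne prime; every 256-bit secret is below it, so a
# 32-byte key maps to a single field element without any encoding tricks.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients lowest degree first) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, holders):
    """Split `secret` so that any `threshold` of `holders` can rebuild it.

    Returns {holder_name: (x, y)}. A random polynomial of degree
    threshold-1 is not determined by threshold-1 points, so a smaller
    group of holders learns nothing about the key.
    """
    if not 1 < threshold <= len(holders):
        raise ValueError("need 1 < threshold <= number of holders")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    # Constant term is the secret; the remaining coefficients are random.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {name: (x, _eval_poly(coeffs, x))
            for x, name in enumerate(holders, start=1)}


def recover_secret(shares, secret_len=32):
    """Lagrange-interpolate the polynomial at x = 0 from (x, y) shares."""
    points = list(shares)
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    if total.bit_length() > secret_len * 8:
        # With too few or wrong shares the interpolated value is a random
        # field element, which almost never fits the expected key length.
        raise ValueError("shares do not reconstruct a secret of that length")
    return total.to_bytes(secret_len, "big")


def recovery_fails(share_subset, secret):
    """True if the subset cannot reproduce `secret` (error or wrong value)."""
    try:
        return recover_secret(share_subset) != secret
    except ValueError:
        return True


def demo():
    """Constructed scenario: one owner, three friends, 2-of-3 recovery."""
    key = secrets.token_bytes(32)  # constructed sample wallet key
    shares = split_secret(key, 2, ["alice", "bob", "carol"])
    pairs = (("alice", "bob"), ("alice", "carol"), ("bob", "carol"))
    any_two = all(recover_secret([shares[a], shares[b]]) == key for a, b in pairs)
    single = all(recovery_fails([shares[name]], key) for name in shares)
    return {"any_two_recover": any_two, "single_holder_fails": single}


if __name__ == "__main__":
    print(demo())
```

Two design points are worth noting for the UX. First, adding more holders does not by itself weaken the backup; what matters is the threshold k, so a wallet that lets users pick "any 2 of your 3 friends" can set expectations more precisely than "share with friends". Second, this scheme hands the friends shares of the raw key, so a colluding k-of-n group has full control and nothing enforces the owner's consent; that is the gap that smart-contract-based recovery (as in the Gnosis Safe research mentioned above) tries to close by rotating keys on-chain rather than reconstructing them.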
You can try the interactive prototype here: https://share.protopie.io/RpHzbk7RtEa
We interviewed 5 people from our circles. They are experienced IT people, but not from the cybersecurity field. Their usage ranges from low to medium, with wallets like MetaMask, Ledger, Jaxx, Coinbase, MyEtherWallet, imToken and Poketto Cash on desktop and mobile, mostly for transacting, dapps, and sometimes development.
Several insights from the preliminary interview on their usage:
- Respondents use 2–4 wallets simultaneously
- One respondent uses an iPhone wallet, with restricted wifi access for security
- Jaxx for mobile got both positive and negative feedback (not usable); the desktop version got only negative feedback
- Coinbase wallet lacks functionality and is not intuitive (not clear how to add ERC20 tokens)
- Recovery is rarely used but is pretty hard
- It's convenient to store the seed phrase in the keychain
- MyEtherWallet was used once for ENS domain
- One respondent stores the password for MetaMask in Notes with Touch ID protection
- MetaMask takes a long time to load even on high-performing hardware, and has UI bugs (fonts)
- imToken was used for an ICO because of its speed
- Liked the Argent demo, but hasn't tried it
Feedback on the demo with quotes:
- "Design looks cool", "got most of it"
- "Would rather use tap than slide for selection"
- "Lack of some heading that it's the authorization selection"
- The next button was confused for selecting the next option, rather than for submission
- "Not sure how I should select"; maybe context selection would work better than names of the options (e.g. one-time, transacting small amounts & dapps, storing big money).
- Share with friends looks concerning. "More people you share with, less secure it becomes". Not clear from this step how it should work.
- "Won't select mnemonic as would still need to put it somewhere". "Don't get the mnemonic functionality."
- Touch/Face ID is considered to be the leader (not sure why it is less secure than mnemonic). "Banks use it so should be fine". Can be the "optimal" security option. "Still can be hacked"
- "No password" option — not clear; seems more compelling for the several-addresses use case. Am accustomed to a one-time email, but not sure how this should work, makes no sense.
- "Don't want to take responsibility, want the system to look security solid, and shift responsibility to it". "Am not concerned about storing the password in the cloud — lots of my passwords are already there".
- The user would like to have a login/password option with the password stored in the cloud. Also possibly add PIN functionality or graphical passwords (as in Android). Ideally, hardware integration is needed
Probably there will be a clearer divide in the future between wallets for different scenarios. While making the ultimate wallet suitable for everything may seem like a good idea, there are a lot of concerns and clarifications that need to be addressed for different types of users.
Maybe this solution can work better for networks that don't have as wide a variety of options as Ethereum. Or it can be used as a dapp-specific solution, instead of a centralized login/password mechanic.