Overview
Consento is an app that stores and controls access to confidential and private data using p2p encrypted storage.
The key to accessing the data is split among trusted people. To unlock the vault the trustees need to give their consent.
The concept of the Consento system was developed by Martin Heidegger and with a small group (Developer, Product Owner, UX researcher and me as UX/UI designer) we pitched the concept to the open call of NGI LEDGER - the venture builder for human-centric solutions. LEDGER, an EU-funded project, empowers people to solve problems using decentralized technologies.
The goal was to create an MVP version, that could then be turned into a full product.
My Role
User research & Analysis · Persona creation · User Interviews · MVP definition · Product Design · Low/High fidelity wireframes · Prototyping · Illustration, logo and icon design · Design system / styleguide · Usability testing
The Problem
The idea of Consento came to life because the company I was working with did not have a system to securely share data, either internally like employee information or sensitive client data. Often clients would send encrypted .zip files via email and a second email with the password.
Passwords are not considered to be a secure method of authentication for several reasons like weak and easily guessable passwords or phishing scams. Two-factor authentication (2FA) is deemed to be a more secure method of authentication compared to passwords alone, but it is not without its own set of problems. One of these problems is often the dependence on middlemen software that people have no control over.
The Solution
Providing a new form of multi-factor authentication (MFA) with collaborative access management that is built on human relationships and open source technologies. The app enables you to see who has requested access to your data and make informed decisions about who to grant access to and who to decline. A user-centric interface enables everyone to comply with security policies regardless of their understanding of tech.
User Research
Our objective in conducting research for Consento was to validate the potential use cases for our product and to clearly define our target audience. To gain an in-depth understanding of user experiences, motivations, and attitudes, we conducted 30 user interviews with clients, freelancers, and acquaintances of the company.
The core philosophy of Consento is based on human relationships, and therefore, we chose to utilize this qualitative research method to foster a personal connection with users and encourage open and honest communication of their goals and pain points.
Key User Insights
Lack of awareness: Many people are not aware of the risks and potential consequences of a data breach, leading to a lack of investment in proper data security measures.
Avoidant of security measures: Implementing robust data security measures can be a complex and technical process, which may be difficult for non-technical SMEs and freelancers to manage.
Mobile and remote work: As more and more businesses and freelancers adopt mobile and remote working, securing data on portable devices and remote networks becomes increasingly difficult.
Exchange and storage of sensitive information: Setting up a secure channel, for the time of a project, with custom policies between parties is useful (e.g. developer team works with a large company as a subcontractor)
Distrust in the cloud: Central cloud solutions are not trusted and people fear losing access to data if they add security levels
Employee training: Training employees on data security measures and best practices are often overlooked in smaller businesses and by freelancers, leaving them vulnerable to potential breaches.
The interview results showed us, that there are a variety of use cases for Consento and also that the perception of cyber security highly depends on the knowledge of the person about that topic. We condensed the insights into three main personas.
The multifactor authentication market
The global multi-factor authentication (MFA) market size was valued at USD 9.16 billion in 2020 and was projected to reach USD 23.49 billion by 2026, growing at a CAGR (Compound Annual Growth Rate) of 16.5% during the forecast period (2021-2026), according to a report by MarketsandMarkets. A growth rate of 16.5% is considered significantly high. In comparison to other cybersecurity markets, such as antivirus or firewall, the MFA market is still relatively new and growing rapidly.
By offering an innovative authentication method like Consento and addressing the evolving needs of customers, there is a huge potential to differentiate from competitors and gain market share.
Visual Identity Design
We believe encrypted data management can be redesigned with human trust at the core. To convey the feeling that data protection is not just an issue for "tech nerds" but should be accessible for everyone, we decided to create various illustrations as part of the visual identity. The illustrations help understand the use of Consento and communicate the brand's values.
The logo mark consists of shapes that resembles an abstract human figure (blue) reaching out to touch what might be another human's arms (red). Visually this represents the core of what Consento is build on. Part of the logo also resembles a lock icon, referring to the encryption ("locking away") of data with Consento. Furthermore a "C" for "Consento" can be seen in the negative space.
Feature Detail: Setup and Onboarding
We learned from interviews that users would prefer detailed guidance and explanation when setting up and using Consento. At the same time, Consento should feel enjoyable and not like a burden.
The app will make sure to nudge users to keep their space secure, by pointing out at ways to improve their security and maintain the security mechanism up-to-date. Also, a security level system indicates to users how safe their setup is.
Documenting the Process
Since one of the core values of Consento is transparency we wanted to focus on providing documentation of Consento's development on the website. Therefore the docusaurus framework was chosen to build a light website and make use of features like versioning, content search and localization.
Consento is an open source project and wants to encourage contribution from a diverse set of developers who are interested in the project, so the website was also aiming to help build a Consento community by providing frequent blog posts and news as well as promoting the Consento discord server.
Reflection and Outcome
After successfully securing funding from the NGI ledger program for developing the MVP, the team encountered challenges in securing business partnerships and early adopters due to several factors, including people’s underestimation of cyber attack and data breach risks, apathy towards data protection, and initial distrust towards cyber security solutions proposed by small enterprises. This situation would have needed a significant allocation of resources for certification, such as ISO 27001, or a partnership with established players in the cybersecurity market to build trust.
Nonetheless, extensive research on competitors and existing solutions, coupled with numerous user interviews, yielded valuable insights into the cyber security market. These insights were used to enhance the company's privacy policies and improve other projects.