Helping Google understand how users think about cross-device authentication to inform future sign-in, security, and account experiences

The Challenge

Google's Cross-Device Authentication (XDA) team wanted to understand how people navigate authentication across increasingly connected ecosystems of phones, laptops, smart TVs, watches, speakers, and smart home devices.

The challenge was that authentication is largely invisible. Product teams think about authentication every day; users rarely think about it until something breaks. Google needed a behavioral understanding of how people make authentication decisions, how they perceive risk, and what future authentication experiences they would trust.

My Contribution

  • Project Leadership: Managed client relationship, project scope, budget, workplan, and final deliverable development.

  • Research Design: Developed recruitment strategy, screener, discussion guide, and multi-day remote ethnography activities.

  • Field Research: Led interviews exploring authentication behaviors across personal, shared, and communal devices.

  • Behavioral Modeling: Developed user archetypes, mental models, and decision-making frameworks explaining authentication behaviors.

  • Strategic Storytelling: Led synthesis, narrative development, opportunity framing, and executive presentation.

Key Insight #3: Physical Safety Creates a False Sense of Digital Safety

Users often assumed devices in their possession were inherently secure. If a device was:

  • In their hand

  • In their home

  • Nearby

Many users assumed additional authentication was unnecessary, even when significant personal information remained accessible.

Strategic Outcomes

  • Created a Behavioral Framework for Authentication Design: Moved the discussion beyond authentication technologies (passwords, biometrics, tokens) and toward the underlying motivations and trade-offs driving user behavior.

  • Identified Distinct Authentication Archetypes: Established a user archetype spectrum, giving product teams a shared language for discussing different user needs and security preferences.

  • Informed Future Cross-Device Strategy: Provided design principles for creating more intuitive, unified authentication experiences across Google's growing ecosystem of connected devices.

Key Insight #1: Users Fall Along a Security-Convenience Spectrum

Rather than one universal mindset, users clustered around two distinct behavioral orientations:

  1. Short-Cutters:

    • Prioritize speed and convenience

    • Use stronger authentication only for data they perceive as highly valuable

    • Prefer fewer accounts and simpler credentials

  2. Guards:

    • Prioritize security

    • Actively seek stronger authentication methods

    • Maintain separate accounts and unique credentials for different purposes

Most users existed somewhere between these two poles.

Key Insight #2: Perceived Value Drives Security Behavior

Users didn't evaluate authentication based on actual risk. Instead, they evaluated it based on what they believed the underlying data was worth. People expected strong authentication for:

  • Financial information

  • Medical information

  • Personally identifiable information

But frequently underestimated risk on seemingly low-value accounts that still contained payment information or personal data.

Key Insight #4: People Want One Key to Their Digital Life

Across participants, a consistent future-state vision emerged:

  • People wanted authentication to disappear.

  • Near-term, users imagined their phone becoming a trusted key that unlocks all devices and services.

  • Long-term, users imagined becoming the key themselves, with devices automatically recognizing their identity and granting appropriate access.