Google OAuth & User Protections

My role on this team project served as design leader, guiding a very talented team through the design process to converge on tangible outcomes. The product delivery to Google UX was a very impressive presentation of automated journey mapping that I was proud to be a part of.

Our design purpose was to understand the common use of open authorization (OAuth) as a means for enabling internet users to access and use secure third party websites or services using their Google account without exposing their passwords. The scope of stakeholder interests in OAuth was explored, with particular focus on the data security and privacy interests of end users. The Design Management team focused on practical behavioral economic principles and strategies for encouraging normative values and principled use of OAuth in practice.  

Research

Behavioral Economics was the key method for breaking down the complexities of trusting technology. Brainstorming ways to help the user understand data shared with an open authorization, user interviews, login transparency, and the ability to opt out of certain features the concepts of consent expiry & transference of application ownership was also explored.

Problem

Many people don't fully understand or trust that sites will be responsible with their information when allowing Google to authorize login to a third party application. There's very little in-context explanation or policy transparency.

Solution

Provide and help contextual guidance when users are offered the option for Google OAuth to specify details of how data is being shared and to notify users if ownership of application is transferred. Allow the user to set an expired time for consent and provide notifications when this consent is about to expire.