Working on Clef, it is tempting to optimize for some of the metrics which have been important to other companies like ours. We can use these metrics to compare ourselves against passwords and traditional two-factor authentication, and eke out incremental benefits for users or sites who decide to use Clef. Those metrics might include:
-
The level of security we are able to offer customers
-
The speed of each login
-
The ratio of time logged in with Clef to time managing Clef
-
The number of taps between each login
For the first two years of Clef’s existence, we often found ourselves following our guts in the wrong direction on each of these metrics but were unable to articulate why. We looked at other solutions that out-performed us in each of these categories and worried about whether we were overlooking optimizations that would make Clef a better product. We kept making decisions that felt right, but weren’t backed up by the core metrics we "should" have been measuring.
Even as we seemed to be working in the wrong direction, people were choosing Clef over the other options and connecting with it in a way that was radically different. We discovered that while people used other options, they loved using Clef.
We came to realize that while each of those core metrics might map to a frustration with passwords and/or other existing ways of logging in to an app or service, none of them truly addressed the real pain people were experiencing.
Passwords take time and are fundamentally insecure, but most people log in pretty quickly and don’t know enough to understand the security minutiae. What we found to be more important are the things people feel when logging in:
-
Guilt that they are not protecting themselves with the "best practices" which they are told over and over again.
-
Anxiety that they may not remember their password, and therefore won’t be able to access something important and/or urgent.
-
Fear that they are not protected by their passwords and that their identity may be at risk, often fueled by media coverage around breaches and identity theft.
Identity is something that’s fundamental to being human. And it’s because of this that passwords — be that logging in or signing up — can often trigger emotional responses. The constant repetition of emotional responses associated with guilt, anxiety, and fear can force us to associate shame with identity.
The solution to the "password problem" isn’t faster logins or additional layers of security. Instead, we have to work to dismantle the negative, or shame-based, associations with identity by both empowering our users and delivering an experience they can understand and feel positively about.
At Clef, our core product value is clarity.
Prioritizing clarity means that Clef will always be accessible and unscary for our users. It empowers them to feel in control of and protect their identity, as well as understand and engage with the concept of security online. Done with beauty, the experience of logging in with Clef creates a sense of magic and wonder that is impossible to fake.
Clarity requires deep empathy and constant refinement. It does not always make Clef faster or safer, but instead, has a positive impact on the way our users feel. This positive feeling is the key to our success, both as a team and a company, and it’s what we should strive for every time we ship something new.