Personhood Credentials: Human-Centered Design Recommendation Balancing Security, Usability, and Trust

TL;DR

This paper addresses the challenge of designing user‑friendly PHCs that balance privacy, security, and trust. It combines a formative competitive analysis with a user study (N=23) to uncover user perceptions, onboarding preferences, data requirements, and issuer architecture choices. The authors propose actionable design implications, including time‑bounded credentials, multi‑layer verification, interactive human checks, and decentralized issuance standards, aiming to enable scalable, trustworthy PHCs. The findings illuminate the tensions between familiar traditional verification and innovative PHC approaches, offering concrete guidance for policymakers, platform operators, and researchers to advance user‑centered identity verification systems with better explainability and governance.

Abstract

Building on related concepts, like, decentralized identifiers (DIDs), proof of personhood, anonymous credentials, personhood credentials (PHCs) emerged as an alternative approach, enabling individuals to verify to digital service providers that they are a person without disclosing additional information. However, new technologies might introduce some friction due to users misunderstandings and mismatched expectations. Despite their growing importance, limited research has been done on users perceptions and preferences regarding PHCs. To address this gap, we conducted competitive analysis, and semi-structured online user interviews with 23 participants from US and EU to provide concrete design recommendations for PHCs that incorporate user needs, adoption rules, and preferences. Our study -- (a)surfaces how people reason about unknown privacy and security guarantees of PHCs compared to current verification methods -- (b) presents the impact of several factors on how people would like to onboard and manage PHCs, including, trusted issuers (e.g. gov), ground truth data to issue PHC (e.g biometrics, physical id), and issuance system (e.g. centralized vs decentralized). In a think-aloud conceptual design session, participants recommended -- conceptualized design, such as periodic biometrics verification, time-bound credentials, visually interactive human-check, and supervision of government for issuance system. We propose actionable designs reflecting users preferences.

Figures (6)

• Figure 1: Overview of key findings and design implications from user interviews. Our study examines user preferences for onboarding processes (offline vs. online), credential types (e.g., biometrics, government-issued IDs), and issuer types (government vs. private companies). Additionally, we propose design implications, including verification choice facilitation, credential portability, dynamic multi-factor verification, and decentralized issuance standards.
• Figure 2: Method overview includes (a) a formative understanding of current personhood verification and related challenges through competitive analysis (b) users' perception, preferences, and design through an interview study
• Figure 3: PHC-related interfaces: (a) Idena validation test, (b) World App backup process.
• Figure 4: Results of architecture preference: Which type of system would you prefer to issue and manage your PHC for each service provider?
• Figure 5: Design suggestions for PHC: each represents the following design themes (a) Time-bounded credential for privacy; (b) Sensitivity-based usable credential choice for PHC; (c) Comprehensive visually interactive human check; (d) Mitigate PHC misuse; (e)(f) Distribute power across issuer: decentralized vs centralized.