
Digital Doorways to Public Benefits: Beneficiary Experiences with Digital Identity

Led by the Digital Benefits Network in partnership with Public Policy Lab, the Digital Doorways research project amplifies the lived experiences of beneficiaries to provide new insights into people’s experiences with digital identity processes and technology in public benefits. This report details the project’s findings, directly highlighting the voices of beneficiaries through videos and photos.

Published Date: Sep 2, 2025
Last Updated: Sep 8, 2025

Introduction

When people across the United States apply for public benefits online, they are often asked to create an account, and, in some cases, verify their identity to prove they are who they claim. Depending on the state agency’s approach to digital identity management, this experience can involve varying degrees of friction and burden—meaning some people can apply for benefits quickly, while others will seek alternative paths, delay application, or forgo applying altogether.

Digital identity refers to how people represent themselves online, for example, through an account registered to a name and email. This report uses digital identity processes to describe tasks related to account creation, authentication, and identity proofing (often colloquially called identity verification).

For many internet users, tasks like entering a username and password or using multi-factor authentication (MFA) to access an account are routine and inconsequential. But for public benefits access, the stakes are higher. Sometimes, forgetting a password or getting locked out of an account can mean being unable to pay your bills. “Chris,” a beneficiary from Arizona, described it this way: 

“There’s been times where I didn’t have my cell phone service on because I couldn’t afford to, and I couldn’t recover stuff because it couldn’t text me. And you know, that brings you to your knees… You have to go and find somebody to help pay your cell phone bill so that you can recover your email, so that you can recover your state benefits account, so that you can keep your lights on.”

“Chris,” Arizona

Throughout the report, we’ll refer to participants using aliases. These names appear in quotation marks. 

When designing digital identity processes, public benefits administrators must balance security with accessibility. They must keep users and systems safe, without creating unnecessary barriers that disempower individuals seeking help. This is no easy task. To build processes that are truly secure and inclusive, we must first understand who is struggling, how, and why.

What to Expect

We believe it’s imperative for readers to hear directly from beneficiaries about their experiences. Multimedia clips are embedded throughout the report, and the short video below introduces you to the project and some of the beneficiaries we spoke to.  

We conducted this research in the spring of 2025. We carried out our interviews in a moment of anticipated change to public benefits policy and delivery, but before the shape of those changes was clear. We believe the findings below offer evergreen insights into beneficiaries’ experiences using technology to access public programs online, and the support that might make those processes more seamless. 

Given the H.R. 1 SNAP cost shifts to states based on payment error rates, and new work reporting requirements in Medicaid, state agencies will likely require additional and consistent touch points with beneficiaries in the coming years. We believe it’s imperative that the process of interacting with agencies, for example, reaccessing portals and accounts, is as easy and straightforward as possible to enable access and program administration.

Below, we provide relevant background information and outline the project approach, before sharing insights and actionable recommendations.

Jump Ahead

Insights

  1. Beneficiaries regularly put aside privacy concerns in order to access benefits.
  2. Security and convenience are often at odds in password use.
  3. Unstable access to accounts and devices makes multi-factor authentication (MFA) a challenge.
  4. Account access can prove difficult when personal information and service needs change.
  5. Biometric verification can come with usability issues and doubt.
  6. Beneficiaries are split on comfort level with biometrics.
  7. Beneficiaries want access to personalized human support, even if it costs them time.
  8. Security questions and knowledge-based verification do not reflect diverse life experiences.
  9. Not all friction is equal—some helps, some harms.

Recommendations

  1. Build trust by providing simple explanations of how people’s data will be used.
  2. Invest in maintaining and strengthening human support. 
  3. Take a risk-based approach to evaluating whether a specific interaction or transaction requires an account.
  4. Structure the password creation process to make it easier for beneficiaries to make strong security choices.
  5. Provide multiple pathways for individuals to successfully use MFA, along with clear information about why MFA is needed. 
  6. Ensure there are clear and easy-to-use pathways for individuals to regain access to accounts and reset passwords.
  7. If proofing is necessary, ensure there are multiple ways for beneficiaries to prove their identities.
  8. Be cautious about adopting alternatives like biometrics and mobile driver’s licenses.

Background

In 2022, the Beeck Center’s Digital Benefits Network (DBN) launched an initiative to study how digital identity functions in the public benefits system. This work was driven by growing concerns about how account creation and identity proofing requirements create burdens for applicants and beneficiaries. It quickly became clear that agencies administering benefits needed more support and information to develop digital identity approaches that balance access, security, and privacy. 

Identity proofing is the official term for the set of tasks required to confirm a user is who they say they are. Learn more in “Digital Identity 101: An Introduction to Digital Identity in Public Benefits Programs.”

In 2023 and again in 2024, the Digital Benefits Network published an open dataset documenting account creation and identity proofing requirements in online applications for SNAP (Supplemental Nutrition Assistance Program), WIC (Special Supplemental Nutrition Program for Women, Infants, and Children), TANF (Temporary Assistance for Needy Families), Medicaid, child care, and Unemployment Insurance (UI) across all states and territories, to help the broader ecosystem identify promising practices and areas for improvement in public benefits identity management. Today, the DBN’s work includes:

  • Ongoing landscape research, identification of promising practices, and guides to support practitioners in building awareness and rethinking their own systems. 
  • A community of practice bringing together stakeholders across the United States focused on implementing digital identity solutions in government contexts.
  • BalanceID, a joint effort between the DBN, the Center for Democracy and Technology, and the National Institute of Standards and Technology (NIST) to adapt NIST’s digital identity guidelines to a public benefits context. This work aims to help agencies make more risk-based, human-centered decisions about whether and how to use account creation and identity proofing in benefits delivery.  
  • Digital Doorways, in partnership with Public Policy Lab, to bring direct insights from the people most impacted by barriers to digital benefits access—beneficiaries navigating digital identity processes—often on their own, and often with very limited resources.

We continue to be in active dialogue with stakeholders about what is needed to support the implementation of accessible, effective, and equitable digital public benefits. We hope this project is one spark towards that goal. Feel free to get in touch with your ideas and questions.

Project Overview

The Digital Doorways project aims to deepen understanding of the lived experience of people who interact with digital identity processes—tasks like creating an account, logging in, submitting documents, and biometric verification—when applying for and accessing public benefits.

In late 2024, we launched a partnership with Public Policy Lab (PPL), a nonprofit that works with government agencies and service providers to research, design, and test new policies and services. Together, we conducted qualitative research on the digital identity experience with beneficiaries across the United States. Between March and April 2025, members of the DBN and PPL teams conducted 33 interviews with beneficiaries and subject-matter experts (SMEs) in Massachusetts, Arizona, and New York.

We chose qualitative methods for the depth of insight they offer into the emotional and psychological impacts of digital identity processes. While surveys and other quantitative approaches are useful for identifying broad trends, the first-person stories uncovered by qualitative approaches provide powerful evidence of how technology shapes people’s daily lives. Despite working with a modest sample size, we came away with a deep and highly contextualized understanding of how each participant relates to digital identity, and why.

Until now, the understanding of digital identity has largely been shaped by institutional subject-matter expertise. We hope that by providing input from the people most affected by digital identity challenges, this research project will lead to the development of a more human-centered front door to public benefits.

Audience

We envision the Digital Doorways project as relevant to groups who design, administer, and support beneficiaries in navigating digital identity processes. These include:

  1. State benefits agencies. State agencies responsible for designing, building, and maintaining digital identity processes can share and discuss the research findings, pursue further learning and research, and implement recommendations. 
  2. Community-based organizations (CBOs) and community partners. Organizations who support beneficiaries in applying for and maintaining benefits can use findings to contextualize the challenges their clients face, and advocate for the implementation of recommendations. 
  3. Policy, advocacy, and research groups. These groups can advocate for the implementation of recommendations in this report, and build on the research—interviewing more beneficiaries and SMEs in different states, and disseminating their own findings.      
  4. Philanthropic funders. Funders can help make the recommendations in this report a reality by funding additional research, identity management and data protection trainings, and redesigns of state systems. 

Context and Existing Research

Why Context Matters

“Robert,” one of our research participants from Massachusetts, is 61 years old and uses SNAP. If he picks up his phone and tries unsuccessfully to log in to manage his benefits, it is unlikely he will blame his frustration solely on the state’s approach to account creation or identity verification. His experience of digital identity processes is also shaped by the broader design of the benefits enrollment process, his personal history with public assistance, his views on government and data privacy, and his access to and comfort with technology.

This report should be interpreted with these interconnections in mind: Digital identity experiences are always entangled with broader systems, histories, and relationships.

As such, this study is not meant to be viewed in isolation. The Digital Doorways project builds on a rich body of existing research while contributing new insights specific to digital identity, and its findings gain meaning when considered alongside other inquiries into interconnected topics. Together, these efforts reveal patterns and connections that offer a fuller picture of the challenges people face. 

Below, we outline key relevant takeaways from ongoing research in three areas: benefits service delivery; barriers related to access and digital literacy; and perceptions of government, technology, and data privacy.

Challenges in Benefits Service Delivery

For most public benefits applicants or beneficiaries, activities related to digital identity are not wholly distinct from other enrollment activities, such as filling out a complex application form, submitting pay stubs to verify income eligibility, or traveling to a field office for an appointment. These processes are all required steps to accessing benefits. To understand how people experience creating and proving their identity online, we have to understand the challenges they face before and after. 

Central to this is administrative burden, a concept advanced by Pamela Herd and Donald Moynihan in their 2018 book of the same name.[1] Administrative burden describes the obstacles individuals must navigate when seeking institutional services—obstacles that can, at times, prove impassable. Such burdens can be written straight into policy via onerous requirements, confusing eligibility rules, or redundant recertification processes. While some are crafted as political tools, others are merely the unfortunate result of bureaucracy, limited data-sharing across agencies, or a lack of insight into the lived experiences of the public. Digital identity processes offer some good examples, from requesting extensive personal details to setting up new accounts for different benefit programs, and requiring scans of multiple physical documents—like birth certificates, tribal membership cards, or passports—that can be difficult to locate.

One beneficiary we spoke to in Massachusetts described the way administrative burden creates an “us vs. them” dynamic between institutions and the public:

“It makes me feel a little resentful that they seem to know who I am when they want me to pay taxes and everything. But then, all of a sudden, when they’re supposed to be doing something for me, they’re like, ‘Well, do I know you? Who are you?’” 

“Kim,” Massachusetts

Regardless of intention, beneficiaries must carry these burdens. When applying for public benefits, this can look like laboring over a lengthy, redundant application, waiting on hold for hours to speak to a caseworker, or taking three buses to a required in-person interview. These burdens can leave beneficiaries and applicants feeling penalized for seeking help—more like cogs in a bureaucratic system than real humans in need. 

Organizations and internal government teams across the United States have conducted research with beneficiaries and frontline staff to better understand these difficulties. Some common pain points that have been documented elsewhere—and which were echoed in our own findings—include:[2]

  • Applications and correspondence are confusing. Most benefits applications (and their related notices and letters) leave beneficiaries feeling stumped and overwhelmed. Filled with long blocks of text, unfamiliar words, vague instructions, and redundant questions, these materials are notoriously difficult to understand, let alone complete independently. Beneficiaries end up making errors, submitting incomplete forms, or missing deadlines and appointments. People with limited English proficiency (LEP) bear the brunt of this, with inconsistent translation and interpretation services offered across states and programs.[3]
  • Redundant prompts make beneficiaries feel that they are being tested. Having to answer the same questions or provide the same documentation over and over does more than just cost beneficiaries time—it also makes them wonder if someone is trying to catch them in a lie. A beneficiary we spoke to in New York described this feeling:

“It was just like, ‘Oh my god.’ It almost felt like I was an imposter, because I had to prove so much that it was really me… It’s like, ‘Okay, I need money, and I have to go through those crazy [things].’”

“Xandra,” New York

  • Accessibility is often an afterthought. Research continues to show that people with disabilities are more likely than the general population to qualify for and participate in public benefits programs.[4] And yet, online applications are often difficult for people with cognitive disabilities to understand and incompatible with assistive technologies like screen readers, which are used by people who are blind or have low vision. Requirements for in-person appointments present additional challenges for people with physical disabilities or chronic illness.[5]
  • Access depends on documentation. Beneficiaries must typically provide specific (and extensive) documentation to prove their identity and program eligibility. Those who have lost important documents or face structural barriers—such as being unstably housed[6] or recently incarcerated—may find it especially difficult to complete the process.
  • In-person requirements can be expensive and time consuming. Having to travel to meet a caseworker in person is not just burdensome for people with disabilities. Particularly in rural communities lacking public transportation, a beneficiary might need to request time off work, access a car and a licensed driver, and possibly find child care in order to make an appointment at their closest field office—which might be an hour away. 
  • Human support is hard to access. Complexity leads people to seek help from frontline staff, but continuing budget cuts have led to stressed and overburdened workers—resulting in poor customer service and longer wait times. As a result, beneficiaries might turn to friends or family who are often ill-equipped to help—and in some cases breach the beneficiary’s trust once they have access to their accounts. 
  • Online applications are not always mobile-friendly. A third of Americans in low-income households are smartphone-dependent, meaning they access the internet only through their phone.[7] But, until recently, most online applications were not compatible with mobile devices, presenting a burden for eligible applicants who lacked access to a computer. (The situation has seen improvements in recent years, with Code for America reporting in 2024 that 69% of online applications are now mobile-friendly, up from 43% in 2019.)[8]

When engaging with digital identity processes, beneficiaries are navigating what is often perceived as a broken system—and this strongly influences how they meet tasks like account creation and authentication, identity document upload, and knowledge-based verification (KBV) questions.

The pain points above are not comprehensive. Ongoing research at the state-level continues to shed light on the varied challenges faced by beneficiaries across the country. Examples of these studies include:

Michigan Online Enrollment Case Study

This case study documents how Civilla partnered with the Michigan Department of Health and Human Services (MDHHS) to redesign and modernize online enrollment for the state’s largest benefit programs.

Colorado Digital Government Strategic Plan

This strategic plan outlines Colorado’s vision to enhance digital government by improving broadband access, simplifying government services, and leveraging data to create a more accessible, efficient, and responsive government for all residents.

Disparities in Tech Access and Digital Literacy

As technology and internet access have become more accessible, online options for applying for and managing benefits have grown in popularity.[9] While these options are appreciated by many for their efficiency and convenience, accessing and using technology remains a significant challenge for millions of people in the U.S.[10]

This challenge is not equally distributed—rates of digital literacy and reliable access to computers, smartphones, and high-speed internet are lower among individuals who are lower-income, rural, or members of marginalized ethnic groups, as well as those with lower education levels[11]—all populations that consistently demonstrate a greater need for public benefits. As benefits access moves increasingly online, it’s these populations that are at greatest risk for losing access to critical support.

Plainly, this means that people participating in public benefits programs are more likely to struggle with basic technology, to say nothing of complex digital identity processes. This is vital context for understanding why certain processes, like multi-factor authentication and uploading documents—processes that might feel commonplace to a tech-savvy individual with broadband and an up-to-date smartphone—can become barriers for many eligible individuals. 

Perceptions of Government, Technology, and Data Privacy

Consider a 72-year-old beneficiary who has interacted with government systems for decades, often with frustration or mistrust. She’s long avoided technology, preferring to handle sensitive matters in person or by speaking directly with a human. When asked to create an account, use multi-factor authentication, or prove her identity online, she brings a set of concerns, doubts, and hesitations shaped by this history. Contrast this with a 32-year-old applying for benefits for the first time, using the same smartphone he relies on for nearly every aspect of daily life. These two beneficiaries’ expectations, comfort levels, and sources of friction will be profoundly different.

Again, pre-existing perceptions of government, technology, and data privacy vary across demographics. For example, Americans over 65 are less likely to feel they benefit from government data collection than their younger counterparts,[12] and Hispanic, Black, and Asian Americans are more concerned about government tracking and identity theft than white Americans.[13] The same trend can be seen between lower-income and higher-income adults.[14]

One thing Americans do seem to share is the sense that they have little control over whether the government uses their data, and little insight into how it’s being used.[15] And concern is growing—an increasing percentage of Americans worry about how the government uses the data it collects about them, rising from 64% in 2019 to 71% in 2023. Clearly, most adults interacting with digital identity processes in the U.S. are doing so with an undercurrent of skepticism and concern.

The Research Process

To focus our Digital Doorways research, the Digital Benefits Network and Public Policy Lab designed a plan to engage both beneficiaries and SMEs who support beneficiaries in accessing benefits. Our research emphasized three programs—Medicaid, SNAP, and Unemployment Insurance (UI)—in three states (Arizona, Massachusetts, and New York), through four areas of inquiry (access, trust, consent, and support).

Programs

We chose to focus on Medicaid, SNAP, and UI for several reasons:

  1. SNAP and Medicaid have very large enrollments nationally—their digital identity processes impact many lives daily. In 2023, approximately 42.1 million people received SNAP benefits per month, representing 12.6% of the U.S. population.[16] As of January 2025, there were 71 million people enrolled in Medicaid nationally, which is about one in five Americans.[17]
  2. SNAP and Medicaid are program focus areas for the BalanceID project, based on input offered by stakeholders inside and outside government during a public engagement process held in 2024. One reason behind this choice: SNAP and Medicaid have different requirements and recommendations regarding account creation and identity proofing. This can present challenges when incorporating them into integrated applications. Currently, 31 states and the District of Columbia have integrated online applications that include SNAP and modified adjusted gross income (MAGI) Medicaid.
  3. Identity proofing in UI became a critical issue during the COVID-19 pandemic. Both beneficiaries and state agencies have faced challenges related to systematic fraud by organized groups against pandemic unemployment programs—and the resulting efforts to defend against it.

Further reading: Michele Estrin Gilman’s 2022 article in Minnesota Law Review, “Me, Myself, and My Digital Double: Extending Sara Greene’s Stealing (Identity) from the Poor to the Challenges of Identity Verification,” uses the case study of unemployment insurance in the wake of COVID-19—namely, institutions’ hasty imposition of tighter verification requirements in response to sophisticated fraud at scale, which ultimately led eligible workers to be denied benefits—to assess the consequences of designing government systems around bias.

Research Locations

We chose the locations of Phoenix and Tucson, Arizona; Boston, Massachusetts; and Yonkers, New York to engage with beneficiaries and SMEs across diverse regional contexts—including states with varying configurations of online Medicaid, SNAP, and UI applications, and different digital identity processes.

For information on trends in program configuration, applications, and digital identity processes, as well as differences across states, see Section 1 of the Appendix.

Recruitment

We followed a thorough review and approval process involving both the North Star Review Board (an external Institutional Review Board, or IRB) and Georgetown University’s IRB. The study was approved through an expedited review process using a reliance agreement between the two institutions. To recruit participants in three states, we prioritized outreach to beneficiaries and SMEs who regularly engaged with this population, including legal aid staff and public librarians.

For beneficiary outreach, we partnered with local community-based organizations (CBOs), which helped distribute flyers and identify potential participants. These included Just A Start in Boston, and Wildfire AZ in Phoenix. Additional outreach methods included Facebook ads, Craigslist postings, and in-person recruitment at libraries, where some participants were invited to join on the spot. Participants were compensated for their time: $50 for one-hour interviews and $25 for 30-minute interviews, paid upfront. 

A Facebook ad used to recruit participants.

To better understand their background and experiences, we screened beneficiaries using a short set of questions. These included:

  • What benefits have you applied for?
    • When did you apply for that benefit?
  • Is this the first time you have applied for this benefit?
    • When did you apply for this benefit for the first time?
    • How did you apply? 
    • When did you apply? 
  • How tech-savvy would you say you are? 
  • Which public benefits do you intend on applying for in the near future? 
  • How comfortable do you feel sharing your personal information to access public benefits? 
  • Do you have a personal phone, computer, or tablet with a camera? 
  • Do you have stable internet? 
  • Do you have a disability, impairment, or another barrier that affects how you use technology? 
  • Are you an enrolled member of a federally-recognized Tribal Nation or a descendant of a member? 
  • What is your age? 
  • Which state are you accessing benefits from?

These questions were refined continuously throughout the project, with some added based on experiences in the first two states (Arizona and Massachusetts).

Distribution of participants’ program enrollment.
Answers to screening questions about application methods.

Participants were also invited to complete an optional demographic survey after their interview. Results are displayed below.

Summary of responses to demographic survey

To recruit SMEs, we contacted a legal aid firm in Boston and engaged with librarians at a public library in Tucson, Arizona.

In total, we conducted 29 interviews with beneficiaries, and four interviews with SMEs in accessible, community-centered spaces, including libraries, nonprofits, and CBO offices.

Research Methods Note: Recruitment 

In some cases, recruiting participants primarily through CBOs proved challenging due to timeline constraints and the CBO staff’s limited ongoing access to or contact with clients. In light of this, we supplemented outreach with online methods, which introduced its own limitations—specifically, an overrepresentation of beneficiaries who are more comfortable using technology, and an underrepresentation of those with limited or no access to the internet or devices. It is these individuals who often experience the most severe challenges.

When possible, we recruited on location in libraries by sharing flyers and asking librarians to announce the opportunity at community events. This allowed us to reach individuals who do not regularly go online.

Participant Profiles

Below is a small sample of the people we met during our research. 

“Robert,” Massachusetts

Age: 60-69
Current Benefits: SNAP

Robert considers himself relatively tech-savvy but is often frustrated with technology and online services. He had health issues and was unemployed for the last year—but he is better now and has a new job.

“Lauren,” New York

Age: 21-29
Current Benefits: SNAP, WIC 

Lauren considers herself tech-savvy and comfortable navigating technology. She knows how to do a lot of stuff, but there are also things she needs help with. She is a new mother and learned about WIC from her OBGYN. 

“Belle,” Arizona

Age: 40-49
Current Benefits: Medicaid, SNAP, UI

Belle considers herself tech-savvy and doesn’t find it challenging to log into accounts. She receives free phone service and has a phone without a working camera.

“Laura,” New York

Age: 40-49
Current Benefits: Medicaid, SNAP, UI 

Laura considers herself relatively tech-savvy, but not a technology expert. She has been with the same company for a few years, but as a seasonal worker, she is let go every summer from April to August.

Methods

We conducted in-person, semi-structured interviews lasting between 30 and 60 minutes. 

Semi-structured interviews are guided conversations designed to elicit personal stories, reflections, and insights about lived experiences, while allowing for flexibility based on participants’ responses. We designed interview guides around four areas of inquiry:

  1. Access: What accessibility challenges do beneficiaries face when navigating digital identity processes across different contexts, devices, and personal circumstances?
  2. Consent: How do beneficiaries experience choice, control, and transparency in digital identity processes?
  3. Support: What support systems are available to applicants, and how do they interact with them?
  4. Trust: How do digital identity processes and/or external forces affect beneficiaries’ trust, agency, and experiences accessing public benefits?

See Section 2 in the Appendix for more detailed questions for each area.

All interviews were conducted in English, but future research on this topic could expand insights by conducting interviews in additional languages. 

During these sessions, researchers used design stimuli—visual prompts including process flows and interface mockups—to support the conversation. Stimuli were used both to ground abstract questions in specific, tangible examples and to remind participants of scenarios they might have previously encountered when applying for public benefits. This approach helped elicit detailed feedback and observations that might not surface via interview questions alone.

A participant gestures to design stimuli during an interview. 

Interviews were recorded using lightweight video and audio equipment, including smartphones, tripods, and portable audio recorders. This documentation recorded participant responses for two purposes: (1) later analysis by our research team, and (2) future storytelling efforts, such as this report—allowing beneficiaries to speak directly to the audience of this research.

A researcher interviews a participant on camera. 

Research Methods Note: Interview Approach 

Our interviews asked participants to reflect on prior encounters with digital identity processes. Since participants had not recorded their reactions during those initial encounters, responses focused more on overall perceptions and accumulated experiences.

Interviews can offer deep insight into the emotional resonance of an experience—something that real-time methods cannot capture. Learning how a participant remembers an experience can often reveal more about its impact than observing the interaction itself, though we lose some granularity about what specifically works or does not work. 

The design stimuli allowed us to compensate for this by jogging participants’ memories, eliciting more detailed recollections of specific moments and interactions.

Find design stimuli used in each state in Section 3 of the Appendix.

After completing the last interview, the DBN and PPL teams gathered to make meaning from the raw data, which included over 700 relevant qualitative data points. This synthesis resulted in nine insights, each shedding light on a key beneficiary pain point related to digital identity.

Research Methods Note: Materials

For more information on our research materials, including consent forms, please email info@publicpolicylab.org.

Insights

The insights below reflect sentiments around digital identity that emerged repeatedly across interviews. (Unsurprisingly, interviewees also spoke at length about the benefits service delivery more broadly, referencing many of the challenges that appear in the Context and Existing Research section above.)  

For each insight, we highlight specific quotes and reflections from beneficiaries and SMEs, demonstrating the evidence that informed our synthesis, as well as how insights manifest in people’s real lives. Insights are tagged with one of several broader themes: privacy, trust, security, device access, account access, human support, and life changes.

We conducted these interviews between March 10 and April 3, 2025, prior to new actions by federal agencies accessing and sharing beneficiary data, including the United States Department of Agriculture’s request for SNAP beneficiary data in May 2025, and the Centers for Medicare & Medicaid Services’ sharing of Medicaid beneficiary data with Immigration and Customs Enforcement (ICE). We encourage additional participatory research to understand evolving beneficiary priorities and concerns regarding government data collection and use.


Insight 1: Beneficiaries regularly put aside privacy concerns in order to access benefits. 

Themes: Privacy, trust

People are often resigned to sharing personal data to access essential benefits, despite harboring deep concerns about which entities—government and private—will access their information.

“Sometimes you have to put in your information, even if you’re not comfortable, to get the services you need. It’s part of the process. We just do it.” 

“Renee,” Arizona

For beneficiaries, little in the digital identity process inspires trust. As they type in their Social Security numbers and upload scans of their driver’s licenses, they are all too aware of the growing frequency of data breaches, identity theft, and online scams. Dense explanatory notes and terms of service shed little light on how their sensitive information is being used, let alone protected. 

The growing role of third-party verification companies raises even more questions. A participant from New York offered the following: “I would need to understand why [third-party involvement is] necessary. So, what are you going to do with that data? Is it for research purposes, or is it mandatory? But why would a third party need it? What’s the benefit to them, or to the government giving it to them?” 

While trust in government is not high, beneficiaries do seem to trust private companies even less—perceiving them as unlikely to be working in the public interest. 

The lack of transparency around data collection not only increases beneficiaries’ anxiety, it can also put them at greater risk of either providing information in an unsafe way or misunderstanding what’s required to keep their benefits.

“I don’t think there’s complete transparency and openness about what the information is being used for, because the companies that have those terms of service or terms of agreement, they’re well aware that the majority of people aren’t going to sit there and read all 137 pages of what their information is being used for.”

“Chris,” Arizona

“If I get the code, it’ll be on the screen, and then you[‘ve] got to go to your email. It’s something simple, but I’d lose it. So, I got two phones … I’ll get this from my email, then I’ll punch it in on my other phone.”

-“Robert,” Massachusetts

“There’s a lot in [disclosures] that doesn’t need to be in there. If it could be distilled down, then I think they should understand what’s happening with their information. Part of that chunk of text is also telling people what their reporting responsibilities are. And it’s a huge problem because people don’t understand it.”

“Lily,” Boston

Putting it in context

  • Most Americans (79%) believe they have little to no control over how the government uses their data, and 77% say they have very little or no understanding of what the government is doing with the data it collects about them.   
  • Only 21% are confident that those with access to their personal information will treat it responsibly.  
  • More than half (56%) of Americans frequently click “agree” on privacy policies without actually reading the text.

Source: McClain et al. (2023).

Insight 2: Security and convenience are at odds in password use.

Themes: Security, account access

While beneficiaries value security, they also want to avoid getting locked out of accounts. As a result, convenience and ease-of-use are prioritized. 

“In the past, I usually have … the same password, which is, I know, not very smart, but I have gotten locked out of them a couple of times, and had to call to the help desk, and then they transfer to somebody else. And so it’s difficult if you do get yourself locked out.”

“Belle,” Arizona

Despite knowing the security risks, beneficiaries describe reusing the same passwords, or slight variations on them, across multiple accounts. For some, this practice is motivated by a fear of being unable to easily regain access, which outweighs security concerns.  

Beneficiaries also describe defaulting to passwords created and saved by a device’s password manager. While not inherently insecure, this practice can lead beneficiaries to lose account access if that device is damaged or lost. Individuals can also lose password access if they get locked out of a password manager. Many people create less-secure systems to store their passwords, using spreadsheets, paper notebooks, or note-taking apps, to avoid such a situation.

“The one thing I struggle with is remembering the passwords for all these different things … because I least log into my SNAP benefits or things like that with the government, those passwords I just have a hard time remembering. But again, you just have to recover it through your email and go through that whole process … It’s terrifying to think that someone could take my email account from me and I would lose access to, like, everything.”

-“Chris,” Arizona

“The thing about my phone, at least, is it creates its own password, sometimes before you can even think of a password, it’ll try and stick a password in there, and that’s very annoying, because I’m not gonna remember some random numbers that my phone stuck together. So then sometimes I’ll have to redo the application or the program, and that could take some time.”

-“Lauren,” New York

Putting it in context

  • Almost 70% of Americans are overwhelmed by the number of passwords they have to keep track of. Under half (45%) report feeling anxious about whether their passwords are strong and secure. 
  • Only half of adults say they choose passwords that are sufficiently secure, even if harder to remember.  
  • Fewer than half (41%) of Americans say they always, almost always, or often write down their passwords. Slightly more than a third (34%) save their passwords in their browser at that same frequency. Under a quarter (21%) regularly reset their online account passwords.  
  • More than a third (32%) of people report using a password manager, up from 20% in 2019. Roughly half (49%) of those ages 18 to 29 say they use these tools.

Source: McClain et al. (2023).

Insight 3: Account access can prove difficult when personal information and service needs change.

Themes: Account access, life changes, human support

Beneficiaries’ device access and personal circumstances are not constant—email addresses change, and service needs ebb and flow over time. This can present challenges for account re-access, potentially leading to delays, frustration, and duplicate accounts.

“I have one main email that I use now. Unfortunately, some of my old stored stuff [is] under emails that are now dormant [or hard to access]… I don’t even know how to get into it, so there’s probably stuff there that I may need at some point, but I’m not gonna slay that bear today —just when I’m desperate and I find out that I need it… Then I start trying to figure out how to get into that other Google account. But I don’t have [the phone number I used for that account] anymore.”

“Marlene,” New York

Imagine a beneficiary who enrolls in a program, then becomes ineligible after getting a new job—only to return six years later after being laid off. To re-access their account, they’ll likely need the credentials they used when they first applied. But things like email addresses, usernames, or phone numbers can change or be forgotten over time. Email addresses in particular (most commonly used to register accounts) tend to change frequently, especially when people switch jobs or run out of storage.

In such cases, a beneficiary might create a new account with a new email, and end up with duplicate accounts. “Belle” from Arizona described her experience this way: “[On the identity verification service], I had two profiles [under different emails]. I didn’t mean to have two profiles, but I ended up with two profiles … It was kind of rough trying to get one of them to be deleted.”

It’s in moments like these that beneficiaries seek out human support, certain they’ll be able to explain their situation and gain access quickly. But agency staff are often ill-equipped or unable to resolve issues related to duplicate accounts, which can result in application delays.

The requirement to create an account in itself is often seen as a burden. People are generally reluctant to register unless they expect to have an ongoing relationship with a service and understand how having an account will save them time in the future. When beneficiaries do not clearly understand why an account is required, they tend to view it as an unnecessary obstacle.

“Let’s say I’ve waited until the very last day to get something in, and then I go in to upload it, and I can’t get in because I don’t remember my password. And now I’ve locked myself out, and I can’t call to have [them] reset it, because it’s after hours. And I’m screwed, because by the time I can get back in to get in the information, it’s going to be [the next day] and that can mean the difference between getting food stamps today or two weeks from now.”

– “Belle,” Arizona

“For the Medicaid, I had an issue logging in because it says I already had an account, which I know I didn’t, but apparently I had multiple [state] accounts that I didn’t know of so that [resulted] in me having to call … So that was like a 30-minute call, and then I still had to go back to upload documents and sign documents … So even though I wanted to just do it online, that wasn’t an option for me for the Medicaid part.”

– “Samantha,” New York

“I’ve been hearing from people that their email box is full. ‘I’ve used up my storage. I can’t get into that one anymore.’ So we need to do a new one, which is a different hurdle, because if you have to change the email address that your [account] is associated with, you have to go through their help desk, which is really overloaded … And so it can take a really long time to get even a simple change like that made.”

– “Lizbeth,” Boston

“I had a previous account that they started … ‘We misspelled your [email] address. So we have an active account, so we’ll have to shut down that account, and you have to use another email address, which I do kind of find annoying, because I do have a primary email. Don’t use a backup. But I was like, if you can’t do anything about it, I’ll just have to use the backup account … So, yeah, I kind of have a false account in my name, which I don’t like, kind of want them to remove it.”

– “Nancy,” New York

Insight 4: Unstable access to accounts and devices makes multi-factor authentication (MFA) a challenge.

Themes: Security, account access, device access, life changes

There is no doubt that multi-factor authentication increases security. But it can also lead to confusion and delays. Embedded in MFA is an assumption that beneficiaries have high digital literacy and stable access to the same set of devices, email accounts, and phone numbers used to set up their MFA system in the first place.

“If I get the code, it’ll be on the screen, and then you[‘ve] got to go to your email. It’s something simple, but I’d lose it. So, I got two phones … I’ll get this from my email, then I’ll punch it in on my other phone.”

“Robert,” Massachusetts

MFA requires users to supply multiple types of security “factors” (for example, something you know, something you have, and something you are) to access an account. MFA might look like logging in with a password, then entering a one-time code sent to your mobile device via SMS, or entering a PIN, then responding to a prompt in a separate authentication application.  

To complete MFA, beneficiaries typically need a device with internet access, up-to-date software, a working email address, and enough storage space. But even when someone owns such a device, they might not have it with them at the moment they need to apply—or they might not be able to access the email or phone number linked to their identity. MFA can also require switching between mobile and desktop interfaces, which often look and function differently, creating confusion. 

For people in unstable living situations, such as those experiencing homelessness, these challenges are even more pronounced. Phones can be lost or stolen, and numbers often change, making it difficult to complete authentication steps that rely on consistent access to a specific device, email, or SMS account.

“These codes are also very annoying, because sometimes I’m trying to do something at work, and I’m not allowed to have my phone, and then it’s like, ‘What was the code that was sent to your [phone]?’ and I’m like, I can’t get on that.”

-“Lauren,” New York

“If [beneficiaries] have to change phone numbers, that can also be a big issue. Because especially people who are experiencing homelessness, they get their stuff stolen a lot. So they might get a phone, and then they might lose it. It’s pretty common that their phones get lost somewhat regularly. So then if the multi-factor identification is sent to that particular phone number, then they have trouble finding another backup method to be able to access things.”

-“Mia,” Arizona (SME)

Putting it in context

  • Adults experiencing homelessness have reported high turnover rates in phones (56% after three months) and phone numbers (55% after 3 months). [18]

Insight 5: Biometric verification can come with usability issues and doubt. 

Themes: Privacy, trust, device access

Beneficiaries can struggle with biometric identity proofing for multiple reasons, including technical issues, a lack of proper identity documents, and confusion about how biometrics are integrated with other application and verification processes.

“We get free phone service… the phone that has service on it, the back camera’s broken, but the front camera’s not, or something like that… I guess I could have, like, taken my picture with the other phone that doesn’t have service and then air dropped it or something to the phone that it does so that I could send it on… it would’ve been a struggle to be able to get that done.”

“Belle,” Arizona

Biometrics record key physical traits (like faceprints, iris scans, or fingerprints) or behavioral traits (such as signature or keystroke patterns) that identity verification platforms can use to automatically identify a person. Confusion often begins when a beneficiary is redirected from a government website to the third-party platform responsible for biometric identity verification. The sudden shift can raise questions about whether the site is legitimate and who will have access to the sensitive data—such as a scan of their face—which they are asked to share. 

For beneficiaries without access to an up-to-date smartphone or computer, challenges arise when they’re asked to provide a selfie or join a video call for human verification—processes that require access to a fully functioning device with a camera and video call capabilities. If a beneficiary is able to supply a selfie, but happens to lack the required government-issued photo ID often used to match a facial scan, the biometric verification platform will fail to verify their identity.    

“We just have a lot of folks who don’t have IDs that are needed and for various reasons, like maybe their wallet was stolen, or they don’t have transportation or money to go to the DMV or whatever, to get the driver’s license … some people just don’t have their original documents.”

– “Melissa,” Arizona (SME)

“Some things [while applying for unemployment insurance] worked with my iPhone and the others was my iPad … because my iPad is a little dangerous. So my iPhone is a little more upgraded. So I stuck to that. But for some things … like taking the photo and imaging, I had to use the iPad.”

“Xandra,” New York

Putting it in context

  • Facial recognition technologies have far higher error rates for people of color, women, older adults, and those whose gender expression has changed. Meanwhile, African American, Asian, and older adults experience more false matches than younger, white users. [19]
  • People with lower incomes, individuals who have disabilities, and members of marginalized racial and ethnic groups were the least likely to have a driver’s license or government-issued photo ID. [20]
  • Biometric methods that require users to physically position and hold devices—like palm recognition—are less usable for people with limited or no vision. Biometric methods that minimize the need for precise device manipulation are more usable for people with disabilities. [21]

Insight 6: Beneficiaries are split on comfort level with biometrics.

Themes: Trust, privacy, human support

Some beneficiaries are comfortable sharing biometric data, like images of their face, to verify their identity. Others are reluctant to do so, given the prevalence of identity theft and scams.

“If someone wants my information or picture or ID, like a lot of people on Craigslist now, for like, gigs and stuff and jobs, they want your identification, like I don’t even know you—why would I give you that, you could steal my identity and give it to somebody else? So you have to be very cautious nowadays, because people can really steal your identification fast.”

“Terrance,” New York

Some beneficiaries don’t think twice about uploading a selfie to prove who they are—compared to the rest of the process, taking a selfie likely feels easy and familiar. For these individuals, sharing a photo of their face might seem less risky than handing over their Social Security number. 

But for others, alternatives like human-to-human identity verification feel more reliable and comfortable—they know a real, trustworthy person is accessing their sensitive information, and that the verification is being taken care of right away. “Lauren” from Massachusetts recalled, “When I tried to change my name when I got married, somebody had to call me and literally stare at me and verify my face from my ID … I feel like looking at a real person is better because when you send it through the computer … you never know when somebody’s actually going to look at it, but if somebody actually looks at it while you’re right there, you know that it’s being dealt with in that moment.”

Ultimately, personal experiences and preferences color how a beneficiary interprets biometric requests.

“It was kind of awkward. I think a little bit weird. I didn’t necessarily want my face to be out there, because it’s just, you know, you take a picture and you’re like, ‘Oh my god, I can’t believe what I look like.’ And I mean it’s not like I’m ever going to see anybody that sees that, or if it’s even a person. It’s probably AI anyways. But yeah, that was kind of awkward for me.”

– “Belle,” Arizona

“Whatever, I was like, ‘You just want to make sure that I’m [who I say I am].’ I understand why they do that, to make sure that the photo on the ID matches the photo the person doing it, so that, I guess, made me feel on one hand a little bit more comfortable … that’s an extra verification process, and validating that my ID matches my physical face.”

– “Sophia,” New York

“I feel outside of giving my Social [Security number], you can ask for my driver’s license card number, you know, date of birth. I wish they had a photo verification thing where it takes a picture of your face, you know. And there should just be a different way outside of me giving my Social Security number.”

– “Chris,” Arizona

Putting it in context

  • Those with lower incomes are concerned about internet scams or fraud at twice the rate of those with higher incomes. [22]
  • Roughly half of Hispanic, Black or Asian adults are very worried about people stealing their identity or personal information. Only a third of white adults report feeling this way. [23]
  • Black identity theft victims express multiple fears surrounding biometrics for identity proofing, including fear of misuse, physical vulnerabilities, and lack of representation and biases in biometric systems. [24]

Insight 7: Beneficiaries want access to personalized human support, even if it costs them time.

Themes: Human support

When navigating public benefits, even beneficiaries with high digital literacy want human support. They are often willing to endure uncomfortable in-person experiences and long hold times to get it.

“In spite of me being a very tech-savvy person … I still find it more comfortable to go in person,  because when I do it online there’s that blockade that pops up… At least when I go up in person, even though I used to have to wait 3 to 6 hours at the [agency], it was worth it because I got some type of direction, or I got a little bit closer to being able to apply.”

“Chris,” Arizona

People seek out personalized human support for many reasons—whether it’s to troubleshoot technical issues, confirm they’re completing a task correctly, or simply to receive reassurance during a stressful process. As pathways to human support become increasingly rare, even for complex tasks like applying for benefits, many people still want the option to speak with a real person for guidance and clarity. For these individuals, the long wait time required is worth it. 

When beneficiaries cannot access human support during application processes, they will commonly turn to informal sources of help, such as family members, friends, or online communities. While this kind of support can be convenient, it also carries risks: People may receive inaccurate advice or unknowingly compromise their personal information, sometimes even leading to identity theft.

“I think that it’s good to have a human and that, like, I had, like, a really specific stuff going on when I was applying for SNAP, because my ex husband was claiming the kids, and I was claiming the kids, and I was like, ‘Is this going to affect everything?’ And I don’t know if a chat bot could help in that situation, but it would be nice to have a chat person if you’re not talking to somebody.”

– “Kim,” Massachusetts

“I don’t normally upload my information… I prefer to take it to them that way. ‘I know you had this handed to you in person,’ and then, usually, when you hand it in person, they’re supposed to date it, stamp it, and date it that way. It’s proof that you brought that in there.”

– “Talia,” New York

“I need to talk to somebody. I would say, now more than ever, yes, I’m done talking to a robot. I can’t do it anymore. I need to talk to a living person. I’ll do that every time I call an 800 number, I will say, can I please talk to an assistant? Can I talk to some an actual person I don’t want to talk to, like the automatic call assistant…certain things that I have to ask somebody. There’s something that your automatic system just can’t do for me in depth.”

– “Nancy,” New York

“I’ve had people who’ve had close people helping them, and then they steal their information. I had one client who was developmentally disabled, who I finally got $6,000 for him … and his brother who lived with him… the Friday before he was about to get his payment, switched the payment information, and stole that money… so it’s compounded trauma.”

-“Mia,” Massachusetts (SME)

Insight 8: Security questions and knowledge-based verification do not reflect diverse life experiences.

Themes: Account access, privacy, life changes

Knowledge-based verification (KBV) and security questions best serve those with stable histories and easily recalled personal details, creating challenges for older beneficiaries and those with diverse or non-traditional life experiences.

“The only problem [with KBV] is that I’ve lived in a million places, and sometimes it’s confusing, and I’m older, so, you know, where did I live? … Usually I recognize the streets … or, you know, there’s some places where I was a little bit unstable and I don’t remember where I lived.” 

“Marlene,” New York

Knowledge-based questions and security questions are commonly confused. 

  • Security questions are based on a “secret” that a user knows, such as the name of their middle school, or their mother’s maiden name. These are set by the user. They are used as a security feature when someone is logging in to an account.
  • Knowledge-based questions are multiple-choice questions based on a user’s private information, such as their credit history. These are auto-generated by the verification system. These are often used to verify someone’s identity.

With vast volumes of personal information exposed by data breaches in recent years, neither type of question is considered secure.

KBV also comes with built-in bias. It relies on matching personal information against data held by credit bureaus or data brokers. If you are credit invisible—meaning you have little or no credit history—your information will not appear in these records. If you are unbanked—having no credit or savings account at a bank or credit union—it’s also less likely that your address or other information will show up in records checks. For those who are unbanked or credit invisible, there will be little data to serve as sources for KBV, meaning it may not be possible for the system to generate questions.

Beneficiaries often describe their experience with KBV and security questions as neutral or positive, with some feeling that these tools add an extra layer of protection. But individuals who have changed addresses frequently over their lives, or whose memory isn’t as sharp, are more likely to make errors when answering KBV prompts. This can result in being locked out of accounts or facing delays in access. 

Beneficiaries often see security questions as a more convenient alternative to multi-factor authentication when trying to recover account access. At the same time, pre-set security questions often fail to reflect people’s diverse backgrounds—for example, assuming a two-parent household or a single childhood phone number. Like passwords, security questions can also be difficult to remember, prompting some people to create workarounds, such as saving screenshots of their answers—actions that can ultimately compromise their account security. 

“Security questions are usually pre-set, and in the pre-set it’s usually like, ‘When were you married? What’s your spouse’s name? What are your kids’ names?’ I’m not married, I don’t have kids …like asking me what my childhood phone number was, I mean, I had three … or ‘what was the address?’ You know, there’s certain questions, especially in today’s world where people are very transient … [that] can be very ambiguous.”

– “Sophia,” New York

“[It] wasn’t difficult for me to remember the answer to the [security] questions … depending on the question you choose. Because if people really know you, they’re like, ‘Yeah, I know her first grade teacher was Mr. Johnson.’ That’s not too good, right? So you have a choice within the questions, what you want to choose, which is great.”

– “Xandra,” New York

“I don’t like [security questions] because then … I’ll be like, what did I answer for it? Because sometimes I forget what I did. But I know if it asks us for your mom or your mom’s maiden name, I can always remember that, because that doesn’t change.”

– “Selena,” Arizona

Putting it in context

  • In 2023, 14.2% of U.S. households (19 million households) were considered underbanked and 4.2% (5.6 million households) were unbanked. [25]
  • As of 2022, 28 million American adults were credit invisible. [26]
  • Young people (18-29 year olds), Black, Hispanic, and Native Americans, low-income, and disabled people are all more likely to be unbanked or lack credit. [27]

Insight 9: Not all friction is equal—some helps, some harms. 

Themes: Security, account access, trust

Additional layers of security can make people feel their information is being protected, but can also present a barrier when seen as disproportionate to the level of risk.

“I had to do a virtual call with an assistant as well to double, I think, quadruple verify that I’m me, which is fine because, of course, I do not want to go to jail for fraud. But I was just like, ‘God, just imagine if this was an emergency. I don’t have time to wait for a virtual phone call … I give you all this information. Can we just go ahead?’ … So it’s tedious. I understand it’s easy to steal someone’s information, but I was just really hoping it wouldn’t have to be so much.”

“Nancy,” New York

Digital identity processes can involve phone calls, video chats, visits to multiple websites, file uploads, and trips to the post office. Sometimes, these steps are seen only as unfair burdens. Recall the observation of “Kim” from Massachusetts: “They seem to know who I am when they want me to pay taxes and everything. But then all of a sudden, when they’re supposed to be doing something for me, they’re like, ‘Well, do I know you? Who are you?’”

Other times, these multiple layers of security instill confidence that an institution is doing all it can to keep personal information safe. Even those who feel uneasy about certain parts of the process, like submitting a photo of their face, are often willing to comply if they believe it genuinely enhances the security of their accounts.

But these positive feelings can quickly fade when beneficiaries are asked to submit the same information repeatedly, without being told why. Instead of enhancing security, they start to see inefficiency, or even intentional deceptiveness. “Seth” from Massachusetts described what this feels like: “If you look at it closely, it’s the same question, like, four or five times, and it’s like, ‘Um, are you trying to trick me into, like, making a mistake?’”

“I feel more secure when I have to show my face or share a photo.”

– “Lauren,” New York

“I like that [identity proofing] is extra security before I give all my information up.”

– “Frank,” Arizona

“Whatever I was like, ‘You just want to make sure that I’m [me].’ I understand why they do that, to make sure that the photo on the ID matches the photo [of] the person doing it, so that, I guess, made me feel on one hand a little bit more comfortable … that’s an extra verification process…validating that my ID matches my physical face.”

“Sophia,” New York

“When you make an account… every single time you log in, you have to go through like, 10 steps to actually get to the application. They want you to do Face ID or a Zoom call where you’re talking to an actual person, and they see you, and you gotta hold up your ID … And I understand that making this secure, but it’s also very tedious, like, why do we have to keep checking all these boxes every single time?”

“Seth,” Massachusetts 

Recommendations

The insights above present an array of opportunities for designing digital identity processes that better acknowledge and accommodate the diverse lived experience of beneficiaries.

Below, we offer a set of recommendations to help you make these opportunities a reality, divided into three categories: Building Trust, Account Creation and Authentication, and Identity Proofing. 

We recognize that state agencies are all at different stages of their identity management design and implementation journeys. We also know that, in the coming months and years, agencies will continue to have to make choices about which improvements to prioritize. The recommendations below include opportunities for agencies at different points of the identity management life cycle. Some may require additional resources to enact, while others can be achieved using existing staffing and resources. 

Additionally, agencies can prioritize a selection of the recommendations based on their clients’ needs and available resources, instead of implementing all of them simultaneously.

Building Trust

These recommendations focus on increasing human support and transparency around digital identity processes and requirements. (See insights above labeled with the themes trust and human support.)   

  1. Build trust by providing simple explanations of how people’s data will be used. 

How to do this:

  • Explain privacy policies and data sharing and retention practices in easy-to-understand, plain language. Test these explanations with real people to ensure clarity and efficacy (note that adding too much text can create additional cognitive overload). 
  • Clearly explain how the platform integrates and shares data with other systems—for example, systems run by other government agencies, external data verification sources, and particularly third-party platforms used for identity proofing.
  • Clearly explain to beneficiaries why they may need to provide the same information multiple times, such as when applying for different benefits programs within the same state. For example, clarify that agencies managing separate programs may intentionally not share data with each other.
  • Minimize the information you collect to only necessary data points. Having to explain the rationale for what you’re collecting should encourage you to request only what’s required to determine someone’s identity and/or eligibility. 

  2. Invest in maintaining and strengthening human support pathways.

Even beneficiaries who are comfortable using technology and self-service pathways want access to human support. For some beneficiaries—older adults, those without access to a computer or smartphone, or people with disabilities—human support might be the difference between accessing benefits and going without.

Account Creation and Authentication

These recommendations relate to creating risk-based account creation and authentication processes that can help beneficiaries make secure choices while ensuring accessibility. (See insights above labeled with the themes account creation, privacy, security, device access, and life changes.)

  1. Take a risk-based approach to evaluating whether a specific interaction or transaction requires an account.

In this context, “risk-based” means designing processes that are proportionate to the sensitivity of your system’s data and interactions. Higher sensitivity equals higher risk. 

How to do this:

  • Consider the types of transactions a person might need to perform on a portal or as part of an application. Ask things like: Will someone interact with the system multiple times, or just once? Are people only submitting information, or can they also access past transactions and information? Is there any sensitive information they might be able to view or change in the system? Is there a scenario where someone might not need an account to start (e.g., submitting information), but could make an account later? 
  • NIST’s Digital Identity Guidelines and the resources developed for the BalanceID project will help you assess your system’s level of risk and determine which account and verification features will keep it and its users safe.  
  • Make creating an account, when required, easy and quick. As noted above, assess specific interactions within your system to determine if account creation is needed. If you do offer or require account creation, users should not need to enter many data points to set up accounts. That said, giving users the option to attach multiple contact methods to an account, such as a physical address, email address, and phone number, can help ease account re-access if a user loses access to one contact channel, such as their email address.

  2. Structure the password creation process to make it easier for beneficiaries to make strong security choices.

How to do this:

Passwords that are hard to remember can be counterproductive for security, and complex requirements are unlikely to lead to more secure passwords.

  • Allow beneficiaries to use a password manager when creating an account. This will discourage less safe strategies for remembering passwords, such as writing them down. 
  • Set up easy, customer-centered password recovery. For beneficiaries who do forget their password, it should be easy to reset through self-service mechanisms or with human support—even if they no longer have access to their initial email account used to set up the account. This is more feasible if a person chooses to associate multiple communications channels (e.g., email, phone number, physical address) with their account.  
  • Encourage users to generate passphrases instead of passwords. Passphrases—longer sequences of random words—have proven more secure than passwords and, when user-generated, are more memorable.28
  • Consider other emerging authentication measures, such as passkeys—a passwordless authentication credential that leverages public-key cryptography. (Note that this approach will not work for all users, so should not be a requirement for account access.)

Reminder: Individuals often prioritize convenience and concerns about re-access over security.

  3. Provide multiple pathways for individuals to successfully use MFA, and clear information about why MFA is needed.

How to do this:

  • When using accounts with MFA, offer multiple MFA options at the time of account set-up, recognizing that no approach will work for all users. The more options you can support, the better. Having multiple MFA options in place can also help prevent account lock-outs and enable account recovery. 

You can use different kinds of “authenticators” for MFA, such as passwords, security tokens, and Face ID. These vary in their security, and how well they work for different user groups. Learn more about MFA options.

Be sure to give users choices, so the system works for people with different devices, skills, and circumstances.

  • Use recovery contacts as a method for account recovery. A recovery contact allows a beneficiary to name another trusted person as the recipient of a recovery code. Recovery contacts can present challenges—for example, someone’s relationship to a trusted contact can change, or the recovery contact might abuse the account owner’s trust. However, recovery contacts can provide a useful pathway for beneficiaries to regain access to an account even if they lose access to email addresses or phone numbers.
  • Provide clear explanations for how MFA keeps users’ information safe. MFA can feel burdensome. Being transparent about its value may help beneficiaries feel more confident and comfortable completing the required MFA processes. 
  • Avoid security questions (or rethink them if necessary). Security questions are not recommended as a best practice. Despite this, many agencies currently use them as an MFA option, or, in some cases, the only MFA pathway.29 If you are already using security questions, consider retiring or replacing them with other kinds of authenticators at the earliest opportunity. In the meantime, use improved practices30 to ensure that questions are:
    • Memorable (something that can be immediately recalled)
    • Confidential (e.g., a hacker cannot find the answers by looking through a beneficiary’s social media account)
    • Consistent (answers won’t change over time)
    • Simple (cannot be easily misinterpreted)  
    • Trauma-informed and sensitive to the varied life experiences of individuals31 

Be sure to offer multiple questions to choose from.

Reminder: Answers to security questions can be forgotten, are vulnerable to attack, and often do not work well for the varied life experiences of individuals.

  4. Ensure there are clear and easy-to-use pathways for individuals to regain access to accounts and reset passwords.

How to do this: 

  • Make clear to users how to update their credentials when needed—for example, how to reset their password. Ideally, this can be done through a self-service pathway (e.g., using an existing MFA option), but human support (such as a call center or customer support email address) should be available to provide information about the process to individuals who struggle with the self-service option. 
  • Support account and password reset processes, both directly—through plain-language instructions—and by offering call center support. Support may come from within a benefits-administering agency or a central, state-level IT program, for example, if a benefits application is integrated with a state’s single sign-on system.
  • Help users prevent and merge duplicate accounts. Many agencies already have systems in place to prevent users from creating duplicate accounts, and merge duplicate accounts when necessary. Having multiple unlinked accounts can make it harder for users to manage their interactions with government agencies. Agencies can address and prevent duplicate accounts within their system (e.g., reviewing records and identifying potential duplicate accounts). Agencies may also enable users to merge their accounts themselves by helping them identify potential duplicate accounts and, with appropriate verification in place, allowing them to merge those accounts. Agencies may consider adding prompting language to the account creation process reminding users to check whether they already have an existing account. However, the burden to prevent duplicate accounts should not be placed on beneficiaries. 

We know that securely managing duplicate accounts can be a challenge for many government agencies. We are eager to work with state and local leaders who are interested in addressing this issue. 
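
The recovery pathways recommended above (several contact channels attached to one account, a recovery contact who can receive a recovery code, and self-service reset) can be sketched as follows. This is an added Python example, not code from the report or from any agency system; the channel labels, the 8-digit code, the 15-minute lifetime, the five-guess limit, and the notice sent to the account owner when a recovery contact is used are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

CODE_TTL_SECONDS = 15 * 60  # assumed lifetime of a recovery code
MAX_ATTEMPTS = 5            # assumed number of guesses allowed per code


@dataclass
class Channel:
    kind: str               # "email", "sms", "postal" or "recovery_contact"
    address: str
    verified: bool = True   # False once a channel is known to be unreachable


@dataclass
class PendingCode:
    salt: bytes
    digest: bytes           # only a salted hash of the code is stored
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


@dataclass
class Account:
    username: str
    channels: dict = field(default_factory=dict)  # label -> Channel
    pending: Optional[PendingCode] = None
    outbox: list = field(default_factory=list)    # (address, text): stand-in for delivery


def _digest(salt: bytes, code: str) -> bytes:
    return hashlib.sha256(salt + code.encode()).digest()


def recovery_options(account: Account) -> list:
    """Labels of the verified channels the person can choose between."""
    return sorted(label for label, ch in account.channels.items() if ch.verified)


def issue_recovery_code(account: Account, label: str, now: float) -> None:
    """Send a fresh code to the chosen channel; any earlier code is replaced."""
    ch = account.channels.get(label)
    if ch is None or not ch.verified:
        raise ValueError("unknown or unverified recovery channel")
    code = f"{secrets.randbelow(10**8):08d}"
    salt = secrets.token_bytes(16)
    account.pending = PendingCode(salt, _digest(salt, code), now + CODE_TTL_SECONDS)
    account.outbox.append((ch.address, f"Your recovery code is {code}"))
    if ch.kind == "recovery_contact":
        # Assumed safeguard: the owner hears about it on their own channels,
        # so a recovery contact cannot use the pathway unnoticed.
        for own in account.channels.values():
            if own.verified and own.kind != "recovery_contact":
                account.outbox.append(
                    (own.address, "A recovery code was sent to your recovery contact."))


def redeem_recovery_code(account: Account, submitted: str, now: float) -> bool:
    """True only for the current code, before expiry, within the guess limit."""
    pending = account.pending
    if pending is None:
        return False
    if now > pending.expires_at:
        account.pending = None
        return False
    pending.attempts_left -= 1
    ok = hmac.compare_digest(pending.digest, _digest(pending.salt, submitted))
    if ok or pending.attempts_left == 0:
        account.pending = None  # single use; also burned after too many wrong guesses
    return ok


def sample_account() -> Account:
    """Constructed sample: phone service has lapsed, so SMS is not offered."""
    return Account("beneficiary01", {
        "email": Channel("email", "owner@example.org"),
        "sms": Channel("sms", "+1-555-0100", verified=False),
        "trusted person": Channel("recovery_contact", "contact@example.org"),
    })


if __name__ == "__main__":
    acct = sample_account()
    print("Offer these recovery options:", recovery_options(acct))
    issue_recovery_code(acct, "trusted person", now=0.0)
    for address, text in acct.outbox:
        print(address, "<-", text)
```
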

Identity Proofing

These recommendations relate to approaching things like biometrics, ID document uploads, and mobile driver’s licenses (mDLs), with attention to beneficiaries’ diverse skills and wide-ranging life circumstances.  (See insights above labeled with the themes security, account access, human support, and life changes.) 

  1. Take a risk-based approach to online identity proofing.

Assess whether it’s necessary for a given transaction, and to what extent. This includes considering where in the user journey identity proofing occurs. For example, you may not need identity proofing before account creation or submission, but it could be introduced later—such as before issuing payments or for applicants requiring additional screening.

  2. If proofing is necessary, ensure there are multiple ways for beneficiaries to prove their identities.

Beneficiaries want their private information to be secure, but also want to be able to successfully apply for and manage their benefits through the channels that work best for them. Be cognizant of how different options may work more or less well for different groups.

How to do this: 

  • Offer in-person proofing options for those who prefer them. While in-person identity proofing options may not be convenient for all users, some individuals will find providing identity documents in-person to be more comfortable or accessible. Agencies should continue to provide this option, whether through visits to agency offices, or in partnership with other government agencies or trusted local service providers, such as public libraries.

Reminder: Knowledge-based verification (KBV) is not recommended as a security practice by federal agencies, including NIST and the Government Accountability Office, as much of the data used to populate KBV questions—data held by credit bureaus or data brokers—has been exposed in data breaches. And, as noted above, KBV presents challenges to people who are credit invisible or unbanked, older adults, people with memory problems, and individuals who have changed addresses many times or experienced other types of life changes.

  3. Be cautious about adopting alternatives like biometrics and mobile driver’s licenses.

Emerging technologies should be carefully evaluated and only used with strong guardrails. 

How to do this: 

  • Do not default to biometrics. Biometrics come with biases and usability issues, particularly for historically marginalized groups. Additionally, collecting biometrics as part of identity proofing means that someone (likely a third-party vendor) must be responsible for managing the retention and deletion of biometric records. Biometrics are much harder to change than passwords if exposed in a breach.32

Reminder: Biometric facial recognition tools continue to have mixed performances, with some products having higher error rates for people of color, women, older adults, and those whose gender expression has changed, with the highest rates among Black women. Additionally, individuals are often wary of sharing a photo of their face with a computer system—a task that also assumes they have easy access to a fully-functioning smartphone.

  • Approach the integration of mobile driver’s license programs with caution, and employ strong privacy guardrails and data minimization practices. An increasing number of states are developing and deploying mDLs. This can present new pathways to securely verify people’s identities, but also new risks for misuse. If your state is developing an mDL and your agency has an opportunity to integrate it into your processes, assess what data protections and additional guardrails exist to protect user privacy and minimize the risks of surveillance.

Further reading: For more on the promise and risks of mDLs, see:

What’s next

In addition to the recommendations above, our research has pointed to several areas worthy of further exploration and questioning. We hope benefits-administering agencies, CBOs, policymakers, advocates, and philanthropic funders will consider how to engage these opportunities as next steps in their own work.

  1. Additional research with individuals who face greater barriers to accessing public benefits. We advocate for additional research with populations who are likely to experience the most difficulty with digital identity processes. This includes adults over 65, people with disabilities, identity theft victims, individuals living in rural communities, individuals with limited English proficiency, and beneficiaries without technology or broadband access. More time with more people will offer a fuller picture of common barriers and illuminate potential solutions.
  2. Usability testing and observational research. Above, we note that one limitation of qualitative interviewing is a lack of insight into real-time feedback. To deepen the insights included in this report, we advocate for live usability testing sessions where beneficiaries interact with digital identity processes—allowing researchers to observe real-time emotional responses, implicit behaviors, technical and process-oriented difficulties, and areas of confusion. We encourage states to lead on this research, as they have the most power to make changes to digital identity processes based on what they learn.
  3. Co-creation of design patterns for account creation, ongoing account access, and identity proofing. Benefits systems across the country use different designs for their digital identity processes. Co-created design patterns—blueprints for digital identity processes that could be used across states—could reduce the labor and resources needed to design these processes, and ensure systems work well for the people who use them. Agencies and CBOs might work towards the recommendations above by including beneficiaries in the design of reusable design patterns—a collaborative approach that guarantees their needs are baked into the foundation of these systems. We believe an open-source design pattern library would be a valuable public good.

To learn more:

  • Join the Digital Identity Community of Practice, hosted by the Digital Benefits Network, to connect with other stakeholders from across state, local, tribal and territorial government; federal government; direct service providers; advocacy organizations; academia; and industry, and to foster shared learning, dialogue, and collaboration. The community is open to all regardless of technical background.
  • Review related resources on the Digital Government Hub
  • Contact the Digital Benefits Network’s digital identity team at digID@georgetown.edu.

Acknowledgements

The DBN and PPL teams would like to thank each of the 29 beneficiaries and four subject matter experts we spoke to in Arizona, Massachusetts, and New York for sharing their expertise and lived experiences with us. This study could only exist thanks to their openness and generosity, and our hope is that the work will ultimately lead them to enjoy more friendly and trustworthy experiences with benefits service delivery.

Our community partners—Just A Start (MA), Wildfire AZ, Greater Boston Legal Services, Pima County Public Library System, Yonkers Public Library, and Boston Public Library—also made this work possible, by offering their time, expertise, resources, and connections. Thanks to these organizations, our teams were able to meet diverse beneficiaries, learn from subject-matter experts who support these beneficiaries every day, and host interviews in comfortable and accessible spaces. Your support was critical to this research, just as it is critical to beneficiaries seeking public benefits in your communities. 

This report was authored by Rachel Meade Smith and Elizabeth Bynum Sorrell. Research was designed and conducted by Public Policy Lab’s Brielle Mariucci, Jaime Stock, Anke Stohlmann, Judy Park Lee, and the Digital Benefits Network’s Elizabeth Bynum Sorrell, Quinny Sanchez Lopez, and Elisa Fox. With special thanks to Ariel Kennan, Chelsea Mauldin, and Shanti Mathew for feedback and guidance provided to the project. 

We would also like to thank the Beeck Center for Social Impact + Innovation’s communications team—Jessica Yabsley and Gerard Ramos, and copy editor, Sabrina Toppa; and the Beeck Center’s operations team, including Molly Porter and Angela Carabelas, who provided key support to enable the partnership between the Digital Benefits Network and Public Policy Lab. 

All photo and video materials were captured by Public Policy Lab team members.

Citation

Cite as: 

Elizabeth Bynum Sorrell and Rachel Meade Smith, “Digital Doorways to Public Benefits: Understanding Beneficiary Experiences with Digital Identity,” Digital Benefits Network, September 9, 2025, https://digitalgovernmenthub.org/publications/digital-doorways-to-public-benefits-user-experiences-with-digital-identity/.

Appendices

  1. Key Differences in Medicaid, SNAP, and UI Applications

MAGI Medicaid:33

  • The majority of online applications for MAGI Medicaid are integrated with other benefits programs and let people apply for multiple programs at the same time.
  • Most applications that include MAGI Medicaid require applicants to sign in to submit an application.
  • Just over half of applications that include MAGI Medicaid require or prompt applicants to take active identity proofing steps to apply online. (“2024 Edition: Account Creation and Identity Proofing in Online MAGI Medicaid Applications,” Digital Government Hub)

SNAP:

UI:

  • Almost all UI applications require applicants to sign in with an account when applying.
  • Most agencies still require UI claimants to undergo some sort of active identity proofing process before, during, or after submitting claims.
  • Most agencies are still relying on biometrics (e.g., asking applicants to upload identity documentation and video or live selfies), but there has been a significant increase in the number of in-person verification options and the ability to choose an identity proofing pathway between 2023 and 2024. (“2024 Edition: Account Creation and Identity Proofing in Online UI Applications,” Digital Government Hub)
  • As of October 2024, the key differences across each state’s Medicaid, SNAP, and UI experiences included the following:

SNAP + Medicaid Applications

| State | Integrated application including SNAP + Medicaid? | Account required to apply for SNAP? | Account required to apply for Medicaid? | Identity proofing (KBV) used in integrated SNAP + Medicaid application? | Identity proofing (KBV) used in standalone Medicaid application? |
|---|---|---|---|---|---|
| Arizona | Yes | Yes | Yes | Yes, optional | N/A |
| Massachusetts | No | No | Yes | N/A | Yes |
| New York | Yes | Yes | Yes | No | Yes |

UI Applications

| State | Identity proofing required to apply? | Biometrics (through ID.me) for identity proofing? | Login.gov for identity proofing? | USPS used for identity proofing? |
|---|---|---|---|---|
| Arizona | Yes, during claim filing | Yes | No | No |
| Massachusetts | Yes, after claim filing | No | Yes | Yes |
| New York | Not always | Yes | No | No |

  2. Research Questions by Area of Inquiry
  1. Access: What accessibility challenges do beneficiaries face when navigating digital identity processes across different contexts, devices, and personal circumstances?
  • What usability or access concerns are most important to beneficiaries and applicants?
  • How do factors related to identity and ability impact the needs and preferences of beneficiaries?
  • How do beneficiaries typically engage with digital identity processes, such as creating accounts or proving their identities?  Where does this occur, using which device(s), and which approaches do they use to organize credentials?

2. Consent: How do beneficiaries experience choice, control, and transparency in digital identity processes?

  • How do beneficiaries feel about their choice in using digital identity processes? Do they feel like they have a real choice?
  • How clearly do beneficiaries understand what happens to their personal data when using these systems?
  • What do beneficiaries know about their rights to control, update, or remove their information?

3. Support: What support systems are available to applicants, and how do they interact with them?

  • Where do beneficiaries go when troubleshooting identity proofing systems?
  • What are beneficiaries’ experiences when learning about how to access benefits from support systems?

4. Trust: How do digital identity processes and/or external forces affect beneficiaries’ trust, agency, and experiences accessing public benefits?

  • How do people feel as they navigate the digital identity process?
  • How do identity proofing systems impact beneficiaries’ trust in government?
  • How much do beneficiaries trust third-party digital identity processes? How does the use of third-party systems affect their overall experience?

  3. Design Stimuli

Sources Cited

  1. Herd, P., & Moynihan, D. (2018). Administrative burden: Policymaking by other means. Russell Sage Foundation.
  2. These focus on service delivery questions, and do not include policy issues like work requirements.
  3. Musumeci, M., Haldar, S., Childress, E., Artiga, S., & Tolbert, J. (2022). A 50-state review of access to state Medicaid program information for people with limited English proficiency and/or disabilities ahead of the PHE unwinding. KFF. https://www.kff.org/medicaid/issue-brief/a-50-state-review-of-access-to-state-medicaid-program-information-for-people-with-limited-english-proficiency-and-or-disabilities-ahead-of-the-phe-unwinding/
  4. U.S. Census Bureau. (2025, April). Disability, employment, and benefit receipt: 2021. https://www2.census.gov/library/publications/2025/demo/p70-203.pdf; Drake, P., & Burns, A. (2024, January 4). Working-age adults with disabilities living in the community. KFF. https://www.kff.org/medicaid/issue-brief/working-age-adults-with-disabilities-living-in-the-community/
  5. Burnside, A., Lower-Basch, E., Dolby, T., Gilkesson, P., & McCorkell, L. Advancing disability equity and access in TANF and SNAP for people with long COVID. (2022, October). Center for Law and Social Policy. https://www.clasp.org/wp-content/uploads/2022/10/2022.10.12_Advancing-Disability-Equity-and-Access-in-TANF-and-SNAP-for-People-with-Long-COVID.pdf
  6. Someone experiencing homelessness, on average, submits 40% fewer documents compared to other applicants. Applicants experiencing homelessness are about 31% more likely to be denied for missing documents than those with stable housing. (Docker, C., Giannella, E., Hung, N., & Jooste, F. (2019, February). Barriers to CalFresh for applicants experiencing homelessness. Code for America. https://s3-us-west-1.amazonaws.com/codeforamerica-cms1/documents/Barriers-to-CalFresh-Report_Code-for-America_February-2019.pdf)
  7. Gelles-Watnick, R. (2024, January 31). Americans’ use of mobile technology and home broadband. Pew Research Center. https://www.pewresearch.org/internet/2024/01/31/americans-use-of-mobile-technology-and-home-broadband/
  8. Code for America. (2024). Benefits enrollment field guide. https://codeforamerica.org/explore/benefits-enrollment-field-guide/
  9. In 2024, Code for America reported an increase in online applications across U.S. states, with 77% of all applications now being online, compared to 64% in 2019. (Code for America. (2024)).
  10. This is why it’s critical to give people choice in how they interact with benefits, such as providing the option to apply with paper applications and visiting field offices in person.
  11. Hecker, I., Spaulding, S., & Kuehn, D. (2021, September). Digital skills and older workers: Supporting success in training and employment in a digital world. Urban Institute. https://www.urban.org/sites/default/files/publication/104771/digital-skills-and-older-workers.pdf; Yang, R., Gao, S., & Jiang, Y. (2024). Digital divide as a determinant of health in the U.S. older adults: Prevalence, trends, and risk factors. BMC Geriatrics. https://pmc.ncbi.nlm.nih.gov/articles/PMC11662839/
  12. Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M., & Turner, E. (2019, November 15). Americans and privacy: Concerned, confused, and feeling lack of control over their personal information. Pew Research Center. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information
  13. McClain, C., Faverio, M., Anderson, M., & Park, E. (2023, October 18). How Americans view data privacy. Pew Research Center. https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/
  14. Madden, M. (2017, September 27). Understanding the privacy and security experiences of low-SES populations. Data and Society. https://datasociety.net/pubs/prv/DataAndSociety_PrivacySecurityandDigitalInequality.pdf
  15. McClain et al. (2023).
  16. U.S. Food and Nutrition Service. (2025). Supplemental Nutrition Assistance Program (SNAP)—key statistics and research. https://www.ers.usda.gov/topics/food-nutrition-assistance/supplemental-nutrition-assistance-program-snap/key-statistics-and-research
  17. Medicaid.gov. (2025). April 2025 Medicaid and CHIP enrollment data highlights. https://www.medicaid.gov/medicaid/program-information/medicaid-and-chip-enrollment-data/report-highlights
  18. Rhoades, H., Wenzel, S.L., Rice, E., Winetrobe, H., & Henwood, B. (2017, March 22). No digital divide? Technology use among homeless adults. Journal of Social Distress and Homelessness, 26(1), 73—77. https://www.tandfonline.com/doi/full/10.1080/10530789.2017.1305140
  19. Fatima, K., Schuckers, M., Cruz-Ortiz, G., Hou, D., Purnapatra, S., Andrews, T., Neupane, A., Marshall, B., & Schuckers, S. (2024). A large-scale study of performance and equity of commercial remote identity verification technologies across demographics. 2024 IEEE International Joint Conference on Biometrics, 1–8. https://ieeexplore.ieee.org/document/10744432; National Institute of Standards and Technology. (2019, December 19). NIST study evaluates effects of race, age, sex on face recognition software. U.S. Department of Commerce. https://www.nist.gov/news-events/news/2019/12/nist-study-evaluates-effects-race-age-sex-face-recognition-software; Buolamwini, J., & Gebru, T. (2018). Gender shades: Intersectional accuracy disparities in commercial gender classification. Proceedings of Machine Learning Research, 81, 1–15. https://proceedings.mlr.press/v81/buolamwini18a/buolamwini18a.pdf; Currah, P., & Mulqueen, T. (2011). Securitizing gender: Identity, biometrics, and transgender bodies at the airport. Social Research. 78(2), 557–582. https://academicworks.cuny.edu/cgi/viewcontent.cgi?article=1334&context=gc_pubs.
  20. Hanmer, M.J., & Novey, S. (2023, March 13). Who lacked photo ID in 2020?: An exploration of the American National Election Studies. Center for Democracy and Civic Engagement. https://www.voteriders.org/wp-content/uploads/2023/04/CDCE_VoteRiders_ANES2020Report_Spring2023.pdf
  21. ten Brink, R.N., & Scollan, R.I. (2019, September). Usability of biometric authentication methods for citizens with disabilities. MITRE. https://www.mitre.org/sites/default/files/2021-11/prs-19-1396-usability-biometrics-for-disabilities.pdf
  22. Madden, M. (2017).
  23. McClain et al. (2023).
  24. Green, G., Runner, S., & McKethen, T. (2023, September). Identity in practice report: Understanding identity crimes in Black communities. Identity Theft Resource Center. https://static1.squarespace.com/static/66d87d8bf73b364cf7d6ac11/t/67c8c2434d38ca0736cb039c/1741210180443/Identity+in+Practice+Report+-+Sept+2023.pdf
  25. Federal Deposit Insurance Corporation. (2024, November). 2023 FDIC national survey of unbanked and underbanked households. https://www.fdic.gov/household-survey/2023-fdic-national-survey-unbanked-and-underbanked-households-executive-summary
  26. Hepinstall, M., Chandrasekhar, C., Carroll, P., Dykstra, N., & Ulucay, Y. (2022). Financial inclusion and access to credit. Oliver Wyman. https://images.go.experian.com/Web/ExperianInformationSolutionsInc/%7B63ec9888-37ea-405c-b39d-7492de9143ce%7D_FINALExperian_report_14_01.pdf
  27. Brevoort, K.P., Grimm, P., & Kambara, M. (2015, May). Data point: Credit invisibles. Consumer Financial Protection Bureau’s Office of Research. https://files.consumerfinance.gov/f/201505_cfpb_data-point-credit-invisibles.pdf
  28. Keith, M., Shao, B., & Steinbart, P. (2009). A behavioral analysis of passphrase design and effectiveness. Journal of the Association for Information Systems, 10(2). https://scispace.com/pdf/a-behavioral-analysis-of-passphrase-design-and-effectiveness-39twfjqxa2.pdf
  29. Sorrell, E.B., Kennan, A., Reddy, A., Granger, I., Xiong, M., Zhao, O., & Sanchez Lopez, Q. (2024, December 3). 2024 Edition: Account creation and identity proofing in online public benefits applications. Digital Benefits Network. https://digitalgovernmenthub.org/publications/2024-edition-account-creation-and-identity-proofing-in-online-public-benefits-applications/
  30. Sham, S. (2024, September 28). Security questions: Best practices, examples, and ideas. Okta. https://www.okta.com/blog/2021/03/security-questions/
  31. Peacock, A. (2023, November 27). Designing accessible security questions: A trauma-informed approach. UX Collective. https://uxdesign.cc/designing-accessible-security-questions-4af91b74d002
  32. Pearson, J. (2024, May 2) The breach of a face recognition firm reveals a hidden danger of biometrics. WIRED. https://www.wired.com/story/outabox-facial-recognition-breach/ ↩︎
  33. These data points are drawn from the DBN’s assessment of online Medicaid applications. During the data collection process for that assessment, it was sometimes difficult to ascertain whether a given portal allowed users to apply for non-MAGI Medicaid, so the dataset online includes non-MAGI Medicaid as a benefits program category.  We did not ask research participants to specify whether they were receiving Medicaid through a MAGI or a non-MAGI eligibility pathway. ↩︎