This study addresses the critical privacy risks arising from excessive disclosure of sensitive credentials by users of the European Digital Identity (EUDI) Wallet, which can lead to identity theft and data breaches. It presents the first systematic investigation into users’ credential-sharing behaviors in this context and introduces Credential Assistant—a real-time decision-support tool designed to guide users through expert recommendations and aggregated peer insights. Evaluated through large-scale surveys and human-computer interaction experiments, the tool significantly reduces credential disclosure errors from 15% to 7%. These findings demonstrate the efficacy of integrating expert knowledge with user feedback as an intervention mechanism, offering a novel approach to safeguarding highly sensitive personal attributes in digital identity ecosystems.

The European Union will introduce the EUDI Wallet by late 2026, which allows users to hold digital credentials (i.e., representations of physical official identity documents) on their devices. This will allow users to securely and privately disclose identity attributes to websites. Although such a system has many benefits, it also introduces risks caused by poor credential disclosure decisions. In this paper, we (i) conduct a large-scale survey on credential disclosure with users and experts and (ii) evaluate the effectiveness and feasibility of our Credential Assistant that displays expert recommendations and user opinions. Our results show that users are likely to overshare (e.g., ~20% of users disclosed their official ID to news websites). This indicates that users struggle to protect their privacy, which will impact the usability of the EUDI Wallet and lead to privacy violations, identity theft, and other abuses of leaked credentials. Finally, we show that our Credential Assistant significantly reduces users' credential disclosure mistakes from ~15% to ~7%. However, it does not fully eliminate poor credential disclosure decisions, indicating that stronger interventions may be necessary, especially for sensitive attributes.