Security is experienced differently in different contexts. This paper argues that in everyday situations, users base their security decisions on a mix of prior experiences. When approaching security and interaction design from an experience approach, tools that help bring out such relevant experiences for design are needed. This paper reports on how Prompted exploration workshops and Acting out security were developed to target such experiences when iteratively designing a mobile digital signature solution in a participatory design process. We discuss how these tools helped the design process and illustrate how the tangibility of such tools matters. We further demonstrate how the approach grants access to non-trivial insights into people's security experience. We point out how the specific context is essential for exploring the space between experience and expectations, and we illustrate how people activate their collections of security experiences rather than deploying one security strategy in all situations.