Usable security: User preferences for authentication methods in eBanking and the effects of experience

Abstract
Multi-factor authentication involves the use of more than one mode in authentication processes and is typically employed to increase security compared to a fixed password (knowledge-based mode). This research compared three different eBanking authentication processes: a two-layer password (1-factor) method and two alternative 2-factor solutions. The 2-factor processes used One-Time-Passcodes (OTPs) delivered either via a small, single-use device or by text message to a mobile phone. The three authentication methods were compared in a repeated-measures experiment with 141 participants. Three user groups were balanced in the experiment to investigate the effect of experience (current users of the service) on perceptions of usability and security. Attitudes toward usability and observations were taken for each process. Other data gathered included quality ratings, preferences and ranked comparisons regarding convenience and security issues. Both 2-factor methods scored significantly higher than the 1-factor method for eBanking authentication usability metrics overall, but experienced users gave higher scores to the 1-factor method they currently use. Overall preferences were spread evenly between the three methods. However, the majority of the participant sample perceived the 1-factor method they had most experience with as being the most secure and most convenient option. The results offer insight into customer attitudes that are important in their selection of authentication options: convenience, personal ownership and habitual experience of processes.