Don't Punish all of us: Measuring User Attitudes about Two-Factor Authentication
- 1 June 2019
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Two-factor authentication (2FA) defends against password compromise by a remote attacker. We surveyed 4,275 students, faculty, and staff at Brigham Young University to measure user sentiment about Duo 2FA one year after the university adopted it. The results were mixed. A majority of the participants felt more secure using Duo and felt it was easy to use. About half of all participants reported at least one instance of being locked out of their university account because of an inability to authenticate with Duo. We found that students and faculty generally had more negative perceptions of Duo than staff. The survey responses reveal some pain points for Duo users. In response, we offer recommendations that reduce the frequency of 2FA for users. We also suggest UI changes that draw more attention to 2FA methods that do not require WiFi, the "Remember Me" setting, and the help utility.Keywords
This publication has 12 references indexed in Scilit:
- “It's not actually that horrible”Published by Association for Computing Machinery (ACM) ,2018
- A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA)International Journal of Human–Computer Interaction, 2017
- Two-factor authentication: is the world ready?Published by Association for Computing Machinery (ACM) ,2015
- "They brought in the horrible key ring thing!" Analysing the Usability of Two-Factor Authentication in UK Online BankingPublished by Internet Society ,2015
- The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication SchemesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- User perceptions of security and usability of single-factor and two-factor authentication in automated telephone bankingComputers & Security, 2011
- Why mobile two-factor authentication makes senseNetwork Security, 2011
- Likert scales, levels of measurement and the “laws” of statisticsAdvances in Health Sciences Education, 2010
- Bad is Stronger than GoodReview of General Psychology, 2001
- Password securityCommunications of the ACM, 1979