You Want Me To Do What? A Design Study of Two-Factor Authentication Messages


Elissa M. Redmiles, Everest Liu, and Michelle L. Mazurek, University of Maryland


Security messages that ask users to adopt new behaviors can be a crucial aspect of users' security decision-making. Prior work has focused extensively on how to design warning messages to discourage insecure practices. In this work, we instead examine how to design motivating security messages to encourage adoption, taking two-factor authentication (2FA) as a case study. To this end, we conduct an interview and participatory design study with 12 demographically diverse participants. Participants both critiqued existing 2FA messages and designed new ones. Drawing from the results of these interviews, we extract preliminary design options for authentication tool messages, which we plan to validate in future work.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {205698,
title = {You Want Me To Do What? A Design Study of {Two-Factor} Authentication Messages},
booktitle = {Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017)},
year = {2017},
address = {Santa Clara, CA},
url = {},
publisher = {USENIX Association},
month = jul,