A Usability Study of Five Two-Factor Authentication Methods

Authors: 

Ken Reese, Trevor Smith, Jonathan Dutson, Jonathan Armknecht, Jacob Cameron, and Kent Seamons, Brigham Young University

Abstract: 

Two-factor authentication (2FA) defends against account compromise. An account secured with 2FA typically requires an individual to authenticate using something they know—typically a password—as well as something they have, such as a cell phone or hardware token. Many 2FA methods in widespread use today have not been subjected to adequate usability testing. Furthermore, previous 2FA usability research is difficult to compare due to widely-varying contexts across different studies. We conducted a two-week, between-subjects usability study of five common 2FA methods with 72 participants, collecting both quantitative and qualitative data. Participants logged into a simulated banking website nearly every day using 2FA and completed an assigned task. Participants generally gave high marks to the methods studied, and many expressed an interest in using 2FA to provide more security for their sensitive online accounts. We also conducted a within-subjects laboratory study with 30 participants to assess the general usability of the setup procedure for the five methods. While a few participants experienced difficulty setting up a hardware token and a one-time password, in general, users found the methods easy to set up.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {238325,
author = {Ken Reese and Trevor Smith and Jonathan Dutson and Jonathan Armknecht and Jacob Cameron and Kent Seamons},
title = {A Usability Study of Five Two-Factor Authentication Methods},
booktitle = {Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019)},
year = {2019},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/soups2019/presentation/reese},
publisher = {{USENIX} Association},
month = aug,
}