A Comparative Usability Study of Two-Factor Authentication (1309.5344v2)

Abstract: Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces non-negligible costs for service providers and requires users to carry out additional actions during the authentication process. In this paper, we present an exploratory comparative study of the usability of 2F technologies. First, we conduct a pre-study interview to identify popular technologies as well as contexts and motivations in which they are used. We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security tokens, one-time PINs received via email or SMS, and dedicated smartphone apps (e.g., Google Authenticator). We record contexts and motivations, and study their impact on perceived usability. We find that 2F technologies are overall perceived as usable, regardless of motivation and/or context of use. We also present an exploratory factor analysis, highlighting that three metrics -- ease-of-use, required cognitive efforts, and trustworthiness -- are enough to capture key factors affecting 2F usability.

• The paper analyzes the comparative usability of security tokens, email/SMS codes, and app-based two-factor authentication methods through a quantitative survey of 219 users.
• Key usability factors identified were ease of use, required cognitive effort, and trustworthiness, with the first two most impacting perception.
• Contextual use and individual differences like age and gender significantly influence perceived usability across different 2FA technologies.

A Comparative Usability Study of Two-Factor Authentication

The paper explores the usability of two-factor authentication (2F) technologies, which are designed to enhance the security of systems by requiring an additional authentication factor, beyond passwords. While 2F increases security, it comes with usability challenges and costs for service providers. By engaging with users, this paper aims to identify the strengths and weaknesses of various 2F implementations, considering both individual user characteristics and the contexts in which these technologies are used.

Within the paper's methodology, the authors conducted pre-paper interviews to identify common 2F technologies in use. Subsequently, they designed a quantitative survey involving 219 Mechanical Turk users. The paper focused on three prevalent 2F methods: security tokens, codes received via email/SMS, and dedicated smartphone apps.

Findings and Observations

1. Usability Across Technologies: The paper found that participants perceived all three 2F technologies as generally usable, with overall high System Usability Scores (SUS). This contradicts some previous assumptions that 2F authentication methods have significantly lower usability compared to password-only systems.
2. Key Usability Factors: Through exploratory factor analysis, the authors determined that three primary factors capture the usability dynamics of 2F systems: ease of use, required cognitive efforts, and trustworthiness. Ease of use and minimal cognitive effort contributed most significantly to positive usability perceptions, while surprisingly, trustworthiness ratings were not negatively affected by ease of use or cognitive demand.
3. Context and Motivation: The paper reveals important context-based differences in 2F technology adoption. Security tokens are predominantly used in work contexts, where users are often mandated to adopt them. In contrast, codes received via email/SMS are most popular in financial contexts, and app-based solutions are frequently used voluntarily for personal reasons.
4. Individual Differences: Usability perceptions are significantly influenced by factors such as age, gender, and user background. For instance, older users and those without a computer science background report higher cognitive effort required to use these technologies. Interestingly, gender differences were noted with app-based 2F solutions, where men showed a higher adoption rate than women.

Implications for Practice and Future Research

The paper identifies practical implications for service providers and developers: understanding the demographic and context in which 2F systems are deployed can help tailor user interfaces and onboarding processes to improve usability across different user groups. As the digital landscape evolves, service providers should consider these usability factors to encourage voluntary adoption and reduce user friction.

The paper’s findings also highlight an essential avenue for future research: further qualitative studies are required to validate and expand upon these insights. Understanding user journeys and behavioral contexts deeply can inform the iterative design of more intuitive 2F systems, catering to diverse user needs and contexts.

In conclusion, this exploratory paper provides a detailed comparative analysis of 2F technologies from a usability standpoint, elucidating the challenges and considerations for researchers and practitioners aiming to balance security and user experience. By dissecting the interplay between individual characteristics, contextual use, and technology type, the paper lays a foundation for more nuanced and comprehensive research within the field of authentication technology usability.