Evaluating User Perception of Multi-Factor Authentication: A Systematic Review (1908.05901v1)

Abstract: Security vulnerabilities of traditional single factor authentication has become a major concern for security practitioners and researchers. To mitigate single point failures, new and technologically advanced Multi-Factor Authentication (MFA) tools have been developed as security solutions. However, the usability and adoption of such tools have raised concerns. An obvious solution can be viewed as conducting user studies to create more user-friendly MFA tools. To learn more, we performed a systematic literature review of recently published academic papers (N = 623) that primarily focused on MFA technologies. While majority of these papers (m = 300) proposed new MFA tools, only 9.1% of papers performed any user evaluation research. Our meta-analysis of user focused studies (n = 57) showed that researchers found lower adoption rate to be inevitable for MFAs, while avoidance was pervasive among mandatory use. Furthermore, we noted several reporting and methodological discrepancies in the user focused studies. We identified trends in participant recruitment that is indicative of demographic biases.

• The paper conducted a systematic review of 623 papers, finding that only 9.1% of novel MFA solutions included user evaluation studies, highlighting a significant research gap.
• User studies reveal significant usability challenges, including confusion, lack of motivation, and misalignment of systems with user risk perceptions, impeding widespread MFA adoption.
• The review identified biases in current research methodologies, such as reliance on young, tech-savvy participants and prevalent survey methods, limiting generalizability and depth of findings.

Evaluating User Perception of Multi-Factor Authentication: A Systematic Review

The paper "Evaluating User Perception of Multi-Factor Authentication: A Systematic Review" presents a comprehensive analysis of the adoption, usability, and user perception of Multi-Factor Authentication (MFA) technologies. MFA is increasingly implemented to overcome the vulnerabilities of single-factor authentication methods such as textual passwords and PINs, which are susceptible to diverse security threats like brute force attacks, dictionary attacks, and malware. Despite the enhanced security provided by MFA, usability concerns impede its widespread adoption and user satisfaction.

The authors systematically reviewed 623 recent academic papers to explore the existing landscape of MFA research, with a particular focus on user-centric evaluations. Among these, 300 papers proposed novel MFA solutions, yet remarkably, only 9.1% included user evaluation studies. This significant finding reveals a gap in the user-focused research domain, emphasizing the urgent need to consider human factors in the development of MFA systems.

The paper's meta-analysis of 57 user-focused studies highlighted key issues such as the inevitability of lower adoption rates and the pervasive avoidance of mandatory MFA systems. Methodological discrepancies and demographic biases in participant selection were also noted. A substantial portion of studies utilized university students or technologically literate individuals as participants, which may not generalize to the broader population.

Key findings include:

• User Perception and Usability Challenges: Participants often expressed confusion or lack of motivation regarding MFA systems. Non-intuitive interfaces and inadequate alignment with user risk perceptions further complicate user acceptance. Importantly, user studies identified a misalignment of user risk perceptions with the utility claimed by MFA tools.
• Participant Recruitment Biases: Many studies enlisted primarily young, technologically adept users, often from university settings. This limits the applicability of findings across diverse demographic segments. Gender-related biases were also apparent, with a skewed male-to-female participation ratio and minimal studies focusing on gender-specific reactions to MFA systems.
• Risk Analysis and Cognitive Models: Approximately 26.3% of studies addressed risk perception, focusing on cognitive differences, password memorability, and the perceived trade-off between security and usability. There is a noted need for aligning MFA functionality with mental models of users to enhance adoption.
• Methodological Approaches: User behavior analysis through survey methodologies was prevalent. However, experimental designs featuring controlled settings were less frequently used, despite their potential to yield deeper insights into user interactions with MFA technologies.

The paper's findings advocate for more inclusive participant recruitment strategies and call for the design of MFA systems that cater to a wider array of user needs and demographic profiles. By identifying the biases and limitations in current research methodologies, the authors offer valuable guidance for future MFA usability studies.

The implications of this research are twofold: Practically, enhancing user experience and understanding of MFA can foster greater adoption rates and reduce resistance among mandatory usage scenarios. Theoretically, it underscores the importance of integrating user behavior studies with technical improvements in authentication technologies. Future research might explore innovative MFA schemes that better accommodate user cognitive ergonomics and risk assessments, potentially illuminating new pathways for secure and user-friendly authentication models.

This systematic review lays the groundwork for advancing the dialogue on MFA usability and invites continued collaboration among researchers to expand the scope of user-centric authentication studies. The pursuit of more user-friendly MFA solutions promises significant contributions to the field of cybersecurity and user interface design.