Litcius/Paper detail

“Nah, it’s just annoying!” A Deep Dive into User Perceptions of Two-Factor Authentication

Karola Marky, Kirill Ragozin, George Chernyshov, Andrii Matviienko, Martin Schmitz, Max Mühlhäuser, Chloe Eghtebas, Kai Kunze

2022ACM Transactions on Computer-Human Interaction27 citationsDOI

Abstract

Two-factor authentication (2FA) is a recommended or imposed authentication mechanism for valuable online assets. However, 2FA mechanisms usually exhibit user experience issues that create user friction and even lead to poor acceptance, hampering the wider spread of 2FA. In this article, we investigate user perceptions of 2FA through in-depth interviews with 42 participants, revealing key requirements that are not well met today despite recently emerged 2FA solutions. First, we investigate past experiences with authentication mechanisms emphasizing problems and aspects that hamper good user experience. Second, we investigate the different authentication factors more closely. Our results reveal particularly interesting preferences regarding the authentication factor “ownership” in terms of properties, physical realizations, and interaction. These findings suggest a path toward 2FA mechanisms with considerably better user experience, promising to improve the acceptance and hence, the proliferation of 2FA for the benefit of security in the digital world.

Topics & Concepts

Multi-factor authenticationAuthentication (law)Computer scienceKey (lock)Human–computer interactionPerceptionFactor (programming language)Computer securityInternet privacyAuthentication protocolPsychologyProgramming languageNeuroscienceUser Authentication and Security SystemsPrivacy, Security, and Data ProtectionSexuality, Behavior, and Technology