Due to the proliferation of online services such as social networking, online banking, and cloud computing, more personal data are potentially exposed than ever before. Efforts such as two factor authentication (2FA) aim to make these services more secure; however, existing research efforts suggest this may come at the expense of usability. We conducted a usability evaluation of Google's 2FA setup process that confirms this concern, and extends previous efforts by identifying several problem areas and specific usability issues that affect human performance in 2FA setup processes. Future research should include more diverse populations but also continue efforts in improving the usability of 2FA setup processes. This will hopefully lead to increased adoption of 2FA systems.
Get full access to this article
View all access options for this article.
References
1.
AcemyanC. Z.KortumP.XiongJ.WallachD. S. (2018). 2FA Might Be Secure, But It’s Not Usable: A Summative Usability Assessment of Google’s Two-factor Authentication (2FA) Methods. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 62(1), 1141–1145. https://doi.org/10.1177/1541931218621262
2.
Al-AmeenM. N.HaqueS. M. T.WrightM. (2014). Q-A: Towards the Solution of Usability-Security Tension in User Authentication. ArXiv:1407.7277 [Cs]. Retrieved from http://arxiv.org/abs/1407.7277
3.
BangorA.KortumP.MillerJ. (2009). Determining what individual SUS scores mean: Adding an adjective rating scale. Journal of usability studies, 4(3), 114-123.
4.
BarkadehiM. H.NilashiM.IbrahimO.Zakeri FardiA.SamadS. (2018). Authentication systems: A literature review and classification. Telematics and Informatics, 35(5), 1491–1511. https://doi.org/10.1016/j.tele.2018.03.018
5.
FurnellS.ClarkeN. (2012). Power to the people? The evolving recognition of human aspects of security. Computers & Security, 31(8), 983–988. https://doi.org/10.1016/j.cose.2012.08.004
GunsonN.MarshallD.MortonH.JackM. (2011). User perceptions of security and usability of single-factor and two factor authentication in automated telephone banking. Computers & Security, 30(4), 208–220. https://doi.org/10.1016/j.cose.2010.12.001
PopescuD. E.LoneaA. M. (2013). An Hybrid Text-Image Based Authentication for Cloud Services. International Journal of Computers Communications & Control, 8(2), 263. https://doi.org/10.15837/ijccc.2013.2.307
11.
ReynoldsJ.SmithT.ReeseK.DickinsonL.RuotiS.SeamonsK. (2018). A Tale of Two Studies: The Best and Worst of YubiKey Usability. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 872–888). San Francisco, CA: IEEE. https://doi.org/10.1109/SP.2018.00067
12.
ShahA.FarooqA.TalibK. (2007). User-oriented identity management model for web-services. In 2007 International Symposium on High Capacity Optical Networks and Enabling Technologies (pp. 1–8). Dubai: IEEE. https://doi.org/10.1109/HONET.2007.4600277
UluagacA. S.LiuW.BeyahR. (2014). A multi-factor re-authentication framework with user privacy. In 2014 IEEE Conference on Communications and Network Security (pp. 504– 505). San Francisco, CA, USA: IEEE. https://doi.org/10.1109/CNS.2014.6997526
15.
VelásquezI.CaroA.RodríguezA. (2018). Authentication schemes and methods: A systematic literature review. Information and Software Technology, 94, 30–37. https://doi.org/10.1016/j.infsof.2017.09.012
