Passwords and Multi-Factor Authentication improve security and protect essential data of users online. However, the usage of simple and guessable passwords or compromised credentials often lead to several threats online, such as, Identity Theft, Financial Loss, etc. Irrespective of attacks, such as spear phishing attacks being present known for a long time, users still fall prey and sometimes fail to adapt to newer and safer technologies. One such technology is multi-factor authentication technology where in addition to passwords and username, users can authenticate through a second or third factor of authentication such as, One Time Passwords, SMSes, Tokens, Biometeric, etc. Our researchers investigate through detailed usability and adaptability research to understand user’s mental models and risk perception and unpack the difficulties an individual face to adapt such secure and helpful technologies. Several reasons contribute to lower security practices by an individual, including the ignorance or lack of knowledge of the users but also poor and transparent risk communication from security practitioners and organizations. Our user studies follow qualitative, quantitative, and mixed methods and provide actionable items and effective insights which contribute in improving the security practices of individuals and in turn enable protecting the online user data.
L. Jean Camp and Sanchari Das.
Studies of 2FA, Why Johnny Can’t Use 2FA and How We Can Change That?.
Jacob Abbott and Sameer Patil.
How Mandatory Second Factor Affects the Authentication User Experience.
In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems,
New York, NY, USA,
Association for Computing Machinery.
and L Jean Camp.
Security Mandates are Pervasive: An Inter-School Study on Analyzing User Authentication Behavior.
In IEEE HUMANS AND CYBER SECURITY WORKSHOP (HACS 2019),
and L Jean Camp.
WHY DON’T ELDERS ADOPT TWO-FACTOR AUTHENTICATION? BECAUSE THEY ARE EXCLUDED BY DESIGN.
In Innovation in Aging, Volume 3, Issue Supplement_1, November 2019,
and L. Jean Camp.
Why Johnny Doesn’t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key.
In 2018 International Conference on Financial Cryptography and Data Security (FC),