Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1, Honglu Du 2, Julien Freudiger 2, Gregory Norcie 3 UCL 1, PARC 2, Indiana.

Published byArnold Arnold Modified over 9 years ago

Similar presentations

Presentation on theme: "A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1, Honglu Du 2, Julien Freudiger 2, Gregory Norcie 3 UCL 1, PARC 2, Indiana."— Presentation transcript:

1 A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1, Honglu Du 2, Julien Freudiger 2, Gregory Norcie 3 UCL 1, PARC 2, Indiana University 3

2 2 Website/Service password Possession KnowledgeInherence Token Phone Smart Card Fingerprint PIN Pattern Retina Palm A. Adams and M. A. Sasse. Users are not the enemy. 1999

3 + More secure 3 - Less usable Slower Unfamiliar N. Gunson et al. User perceptions of security and usability of 1F and 2F in automated telephone banking, 2011 D. D. Strouble et al. Productivity and usability effects of using a two-factor security system, 2009 C. S. Weir et al. Usable security: User preferences for authentication methods in ebanking and the effects of experience, 2010

4 Observations Large offering of two factor solutions Lack of metrics to measure 2F usability Problem Is there a difference in usability among 2F? Contributions Comparative usability study Pre-study interview Explorative quantitative study 4

5 Goal Understand popular 2F in use, context and motivations Participant Recruitment Mailing lists and social media (Google+ and Facebook) Announced paid interviews for user study on authentication Online screening survey to know more about potential participants 9 out of 29 mostly from Silicon Valley, familiar with 2F 5

6 Motivation Forced to Incentivized Wanted to 6 Adoption Security token SMS or emailSmartphone app “I use 2F to obtain higher limits on online banking transactions” “I use 2F to avoid getting hacked” Context Work Personal Financial

7 QUANTITATIVE SURVEY 7 “An artisan must first sharpen his tools if he is to do his work well.” Confucius

8 Two main challenges How to recruit participants? What questions to ask? Existing usability metrics SUS - System Usability Scale (10 questions) QUIS - Questionnaire for User Interface Satisfaction (27 questions) PUEU - Perceived Usefulness and Ease of Use (12 questions) CSUQ - Computer System Usability Questionnaire (19 questions) … Software focused, not for 2F technologies 8

9 9 Quick Enjoy Reuse Helpful Not Enjoy User Friendly Need Instruction Concentration Stressful Match Frustrating TrustSecure Easy Convenient A. Karole, etc. A comparative usability evaluation of traditional password managers. In ICISC, 2011. J. Bonneau, etc. The quest to replace passwords: a Framework for comparative evaluation of web authentication schemes. IEEE Symposium on Security and Privacy, 2012.

10 Online survey 219 participants from Mechanical Turk SUS and 15 other questions on usability 10 Group2F Technologies Used# of Participants 1Token11 2Email/SMS77 3App7 4Token & Email/SMS29 5Token & App3 6Email/SMS & App50 7All three41 Total219

11 Adoption SMS/Email is the most popular 2F (89.95%) App (45.20%) Token (24.20%) Context 11 Χ 2 (4, 582)= 65.18, p<.0001)

12 Motivations 12 Χ 2 (4, 775)= 14.68, p<.0001)

13 13 Quick Enjoy Reuse Helpful Not Enjoy User Friendly Need Instruction Concentration Stressful Match Frustrating TrustSecure Easy Convenient A. Karole, etc. A comparative usability evaluation of traditional password managers. In ICISC, 2011. J. Bonneau, etc. The quest to replace passwords: a Framework for comparative evaluation of web authentication schemes. IEEE Symposium on Security and Privacy, 2012.

14 14 Quick Enjoy Reuse Helpful Not Enjoy User Friendly Need Instruction Concentration Stressful Match Frustrating Trust Secure Convenient Ease of Use Cognitive Efforts Trustworthiness 32%15%14% Variance Explained

15 15

16 MANOVA analysis (groups 4, 6 & 7) DVs: Ease of use, Cognitive Efforts and Trustworthiness IV: Technology (2F technologies used) Covariates: Age and gender Results No main effect of Technology Some usability differences w.r.t age and gender: Email/SMS and Token users (group 4) The elderly (Md=3) need more Cognitive Efforts than the young (Md=2, p=0.003) Email/SMS and App users (group 6) The elderly (Md=5.5) find that 2F are less trustworthy than the young (Md=6, p=.0007) Users of all 3 technologies (group 7) Females (Md=2.75) need more Cognitive Efforts than males (Md=2.0, p=.001) 16

17 Main results Different 2F technologies are preferred in different contexts Did not find usability difference among three 2F technologies Identified two additional dimensions of 2F usability: Cognitive Efforts and Trustworthiness Future work Larger variety of 2F technologies and participants Develop a usability scale for 2F technologies 17

18 BACKUP 18

19 Interviews 1 on 1 meeting, $10 Amazon Gift Card compensation Questions 1. Which 2F have you used? (Adoption) 2. How does 2F work? (Understanding) 3. Why do you use 2F? (Motivation) 4. Recall last time you used 2F? (Familiarity) 5. What issues do you have with 2F? (Comments) 19 PIN from a paper/card Digital certificate RSA token code Verisign token code Paypal token code Google Authenticator PIN received by SMS/email USB token Smartcard

20 Selected 9/29 from survey Most of them from silicon valley Only participants familiar with 2F Age: 21 to 49 Gender: 5 males, 4 females Education: High school to PhD Security: 5/9 background in computer security 20

Download ppt "A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1, Honglu Du 2, Julien Freudiger 2, Gregory Norcie 3 UCL 1, PARC 2, Indiana."

Similar presentations

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)
Cognitive-metacognitive and content-technical aspects of constructivist Internet-based learning environments: a LISREL analysis 指導教授:張菽萱 報告人:沈永祺.

Cognitive-metacognitive and content-technical aspects of constructivist Internet-based learning environments: a LISREL analysis 指導教授:張菽萱 報告人:沈永祺.
Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
Robin L. Donaldson May 5, 2010 Prospectus Defense Florida State University College of Communication and Information.

Robin L. Donaldson May 5, 2010 Prospectus Defense Florida State University College of Communication and Information.
+ UCD Methods For Understanding Users In Computer Science – Music application.

+ UCD Methods For Understanding Users In Computer Science – Music application.
ByPass A platform to evaluate Android authentication techniques Payas Gupta & Sarah Smith.

ByPass A platform to evaluate Android authentication techniques Payas Gupta & Sarah Smith.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
Deciding How to Measure Usability How to conduct successful user requirements activity?

Deciding How to Measure Usability How to conduct successful user requirements activity?
Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -

Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -
Increasing Preservice Teachers' Capacity for Technology Integration Through the Use of Electronic Models Melissa Dark Purdue University.

Increasing Preservice Teachers' Capacity for Technology Integration Through the Use of Electronic Models Melissa Dark Purdue University.
Online Mass Customization and the Customer Experience Arnold Kamis, Bentley College Marios Koufaris, Baruch College Tziporah Stern, Baruch College NJIT.

Online Mass Customization and the Customer Experience Arnold Kamis, Bentley College Marios Koufaris, Baruch College Tziporah Stern, Baruch College NJIT.
Define usability testing Usability is all about how easy a product, service or system is to use. The extent to which a product can be used by specified.

Define usability testing Usability is all about how easy a product, service or system is to use. The extent to which a product can be used by specified.
Classroom Climate and Students’ Goal Structures in High-School Biology Classrooms in Kenya Winnie Mucherah Ball State University Muncie, Indiana, USA June,

Classroom Climate and Students’ Goal Structures in High-School Biology Classrooms in Kenya Winnie Mucherah Ball State University Muncie, Indiana, USA June,
The Internet Public Library What to Teach Future Digital Reference Librarians: Experiences of IPL Student Volunteers Maurita Peterson.

The Internet Public Library What to Teach Future Digital Reference Librarians: Experiences of IPL Student Volunteers Maurita Peterson.
Olli Kulkki Markus Lappalainen Ville Lehtinen Reijo Lindroos Ilari Pulkkinen Helsinki University of Technology11.12.2008 S-72.2530 Acceptability and Quality.

Olli Kulkki Markus Lappalainen Ville Lehtinen Reijo Lindroos Ilari Pulkkinen Helsinki University of Technology S Acceptability and Quality.
Investigator: Kyle Johnson Project Supervisors: Prof. Hannah Thinyane Mrs. Ingrid Siebörger.

Investigator: Kyle Johnson Project Supervisors: Prof. Hannah Thinyane Mrs. Ingrid Siebörger.
Online and Mobile Banking. Online banking Online Banking  Online banking is a fairly established practice in our internet-saturated world.  Many people.

Online and Mobile Banking. Online banking Online Banking  Online banking is a fairly established practice in our internet-saturated world.  Many people.
Oz – Foundations of Electronic Commerce © 2002 Prentice Hall E-money.

Oz – Foundations of Electronic Commerce © 2002 Prentice Hall E-money.
Digital Texts and the Future of Education: Why Books? A Critique of Mayrath, M., Priya, N., & Perkins, C. (2011). Digital Texts and the Future of Education:

Digital Texts and the Future of Education: Why Books? A Critique of Mayrath, M., Priya, N., & Perkins, C. (2011). Digital Texts and the Future of Education:
Author of Record Digital Identity Management Sub-Workgroup October 24, 2012.

Author of Record Digital Identity Management Sub-Workgroup October 24, 2012.

Similar presentations

Ads by Google