Enlighten Publications

In this section

Tangible 2FA – An In-the-Wild Investigation of User-Defined Tangibles for Two-Factor Authentication

Turne, M., Schmitz, M., Bierey, M. M., Khamis, M. and Marky, K. (2023) Tangible 2FA – An In-the-Wild Investigation of User-Defined Tangibles for Two-Factor Authentication. In: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023, Anaheim, CA, USA, 6–8 Aug 2023, ISBN 9781939133366

Text
301470.pdf - Accepted Version
3MB

Publisher's URL: https://www.usenix.org/conference/soups2023

Abstract

Although two-factor authentication (2FA) mechanisms can be usable, they poorly integrate into users’ daily routines, especially during mobile use. Using tangibles for 2FA is a promising alternative that beneficially combines customisable authentication routines and object geometries, personalisable to each user. Yet, it remains unclear how they integrate into daily routines. In this paper, we first let 226 participants design 2FA tangibles to understand user preferences. Second, we prototyped the most common shapes and performed a one-week long in-the-wild study (N=15) to investigate how 2FA tangibles perform in different environments. We show that most users prefer objects that a) fit in wallets, b) connect to daily items or c) are standalone. Users enjoyed interacting with 2FA tangibles and considered them a viable and more secure alternative. Yet, they voiced concerns on portability. We conclude by an outlook for a real world implementation and distribution of 2FA tangibles addressing user concerns.

Item Type:	Conference Proceedings
Additional Information:	This work was supported by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA -390781972. Furthermore this work was co-funded by the EPSRC(EP/V008870/1).
Status:	Published
Refereed:	Yes
Glasgow Author(s) Enlighten ID:	Bierey, Mr Morgan and Marky, Dr Karola and Khamis, Dr Mohamed
Authors:	Turne, M., Schmitz, M., Bierey, M. M., Khamis, M., and Marky, K.
College/School:	College of Science and Engineering > School of Computing Science
ISBN:	9781939133366
Copyright Holders:	Copyright © 2023 The Authors
First Published:	First published in Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)
Publisher Policy:	Reproduced in accordance with the publisher copyright policy

University Staff: Request a correction | Enlighten Editors: Update this record

Funder and Project Information

Project Code	Award No	Project Name	Principal Investigator	Funder's Name	Funder Ref	Lead Dept
310627		TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging	Mohamed Khamis	Engineering and Physical Sciences Research Council (EPSRC)	EP/V008870/1	Computing Science

Deposit and Record Details

ID Code:	301470
Depositing User:	Mrs Marie Cairney
Datestamp:	23 Jun 2023 10:36
Last Modified:	13 Nov 2023 16:09
Date of acceptance:	15 May 2023
Date of first online publication:	August 2023
Date Deposited:	23 June 2023
Data Availability Statement:	No