Turne, M., Schmitz, M., Bierey, M. M., Khamis, M. and Marky, K. (2023) Tangible 2FA – An In-the-Wild Investigation of User-Defined Tangibles for Two-Factor Authentication. In: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023, Anaheim, CA, USA, 6–8 Aug 2023, ISBN 9781939133366
Text
301470.pdf - Accepted Version 3MB |
Publisher's URL: https://www.usenix.org/conference/soups2023
Abstract
Although two-factor authentication (2FA) mechanisms can be usable, they poorly integrate into users’ daily routines, especially during mobile use. Using tangibles for 2FA is a promising alternative that beneficially combines customisable authentication routines and object geometries, personalisable to each user. Yet, it remains unclear how they integrate into daily routines. In this paper, we first let 226 participants design 2FA tangibles to understand user preferences. Second, we prototyped the most common shapes and performed a one-week long in-the-wild study (N=15) to investigate how 2FA tangibles perform in different environments. We show that most users prefer objects that a) fit in wallets, b) connect to daily items or c) are standalone. Users enjoyed interacting with 2FA tangibles and considered them a viable and more secure alternative. Yet, they voiced concerns on portability. We conclude by an outlook for a real world implementation and distribution of 2FA tangibles addressing user concerns.
Item Type: | Conference Proceedings |
---|---|
Additional Information: | This work was supported by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA -390781972. Furthermore this work was co-funded by the EPSRC(EP/V008870/1). |
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Bierey, Mr Morgan and Marky, Dr Karola and Khamis, Dr Mohamed |
Authors: | Turne, M., Schmitz, M., Bierey, M. M., Khamis, M., and Marky, K. |
College/School: | College of Science and Engineering > School of Computing Science |
ISBN: | 9781939133366 |
Copyright Holders: | Copyright © 2023 The Authors |
First Published: | First published in Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023) |
Publisher Policy: | Reproduced in accordance with the publisher copyright policy |
University Staff: Request a correction | Enlighten Editors: Update this record