User experience of two-factor authentication
During my first year as a PhD student, I had the chance to collaborate with Dr. Sameer Patil as Indiana University began to roll out Two-Factor Authentication (2FA) as a requirement for faculty and staff, with a plan to later make it mandatory for students. We worked with the University Information Technology Services office and collected helpdesk requests regarding 2FA, survey responses across multiple waves of making it required for staff on select systems, all systems, and finally students, and authentication logs. With this prolonged study, we were able to find that the majority of users were more frustrated by the initial process of incorporating 2FA for all systems than for select systems, where they perceived a greater understanding of the things being protected. The majority of participants cited push notifications as their preferred method of authenticating in survey responses, and this was reflected in log data for the university as a whole. Overall, our findings offer potential guidance to organizations implementing 2FA to balance security and user experience.
How Mandatory Second Factor Affects the Authentication User Experience.
Jacob Abbott, Sameer Patil. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, ACM, April 2020. DOI: https://doi.org/10.1145/3313831.3376457
All photography provided by Jacob E. Abbott