Security Mandates are Pervasive : An Inter-School Study on Analyzing User Authentication Behavior
Two-factor authentication (2FA) technologies are designed to increase the security and usability of authentica-tion. Adoption of 2FA hardware devices that generate one-time passwords has proven to be effective as a risk mitigating strategy. Despite 2FA addressing user data security concerns, individuals appear either disinterested or unable to adopt 2FA tools. Many institutions are now mandating 2FA to better secure their network and user data. Some have more rigid requirements than others (e.g., offering only one 2FA method vs. offering multiple 2FA options). To better understand the impact of mandatory 2FA policies, we conducted a study of the usability, adoption, and acceptability of 2FA at three different universities. In our study, using the Yubico FIDO U2F security token, we found that mandating the use of 2FA without complementary risk communication is often inadequate. In our interviews, we found that mandatory 2FA did not necessarily increase security, instead leading to less secure user behavior, such as sharing 2FA tokens, storing credentials for a longer time in public devices, and other security avoidance behaviors
Year of publication: |
2020
|
---|---|
Authors: | Das, Sanchari |
Other Persons: | Kim, Andrew (contributor) ; Mare, Shrirang (contributor) ; Streiff, Joshua (contributor) ; Camp, L. Jean (contributor) |
Publisher: |
[2020]: [S.l.] : SSRN |
Saved in:
freely available
Extent: | 1 Online-Ressource (8 p) |
---|---|
Type of publication: | Book / Working Paper |
Language: | English |
Notes: | In: IEEE Humans and Cyber Security Workshop (HACS 2019) Nach Informationen von SSRN wurde die ursprüngliche Fassung des Dokuments December 13, 2019 erstellt |
Source: | ECONIS - Online Catalogue of the ZBW |
Persistent link: https://www.econbiz.de/10012845378
Saved in favorites
Similar items by person
-
Non-Inclusive Online Security : Older Adults' Experience with Two-Factor Authentication
Das, Sanchari, (2021)
-
Overpowered and Underprotected Toys : Empowering Parents with Tools to Protect Their Children
Streiff, Joshua, (2020)
-
Bayesian evaluation of privacy-preserving risk communication for user android app preferences
Momenzadeh, Behnood, (2021)
- More ...