Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key

Thursday, November 29, 2018

11:00 AM - 12:00 PM PST

60 minutes, including Q&A

Why Don't People Use Two Factor? by L. Jean Camp
Two-Factor Authentication, Usable or Not? by Richard Hosgood

Why do people choose to use (or not use) Two-Factor Authentication (2FA)? We report on a two-phase study of the Yubico Security Key, conducted in collaboration with Yubico. Despite the Yubico Security Key being among the best in class for usability among hardware tokens, participants in a think-aloud protocol encountered surprising difficulties, with none in the first round able to complete enrollment without guidance. A website demo, built to make adoption simple, instead resulted in profound confusion when participants fell into an infinite loop of inadvertently only playacting the installation. The two-phase experiment analyzed the acceptability and usability of the Yubico Security Key, a 2FA hardware token implementing Fast Identity Online (FIDO).

This presentation will surprise and inform attendees, showing that usability is not just common sense, but sometimes you need to think sideways to align yourself with your potential users.

Brought to you by:

One Identity

Guest Presenter:

L Jean Camp


L Jean Camp focuses on the intersection of human and technical trust. She is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard's Kennedy School.

Sponsor Presenter:

Richard Hosgood


Join Richard Hosgood, Principal Systems Engineer for One Identity, as he walks through some ways to implement two-factor authentication that could increase user adoption. In addition, he will discuss how we have taken a user-centric approach in architecting our Privileged Account Management solutions to ensure acceptance and a successful implementation. A forward-thinking technologist, Richard Hosgood is a Principal Systems Engineer at One Identity who implements best-of-breed blue team security software in the world's largest IT environments. In his spare time, he is a red team white hat hacker who specializes in network vulnerability assessments, data exfiltration, network design, and companywide logging. He has held roles at leaders in Privileged Management, Data Security, Log Management, Insider Threat Detection, Identity Governance, and External Threat security.
