Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to
your Research Finance Administrator. Your can find your Research Finance Administrator at https://www.ucl.ac.uk/finance/research/rs-contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:
Email: portico-services@ucl.ac.uk
Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Email: portico-services@ucl.ac.uk
Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
"They brought in the horrible key ring thing!" Analysing the Usability of Two-Factor Authentication in UK Online Banking
-
Publication Type:Conference
-
Authors:Krol K, Philippou E, De Cristofaro E, Sasse MA
-
Publisher:ISOC
-
Publication date:08/02/2015
-
Published proceedings:Proceedings of the 9th NDSS Workshop on Usable Security (USEC 2015)
-
Status:Published
-
Name of conference:9th NDSS Workshop on Usable Security (USEC 2015)
-
Conference place:San Diego, CA, USA
-
Conference start date:08/02/2015
-
Conference finish date:08/02/2015
-
Keywords:cs.CR, cs.CR, cs.HC
-
Full Text URL:
Abstract
To prevent password breaches and guessing attacks, banks increasingly turn to
two-factor authentication (2FA), requiring users to present at least one more
factor, such as a one-time password generated by a hardware token or received
via SMS, besides a password. We can expect some solutions -- especially those
adding a token -- to create extra work for users, but little research has
investigated usability, user acceptance, and perceived security of deployed
2FA.
This paper presents an in-depth study of 2FA usability with 21 UK online
banking customers, 16 of whom had accounts with more than one bank. We
collected a rich set of qualitative and quantitative data through two rounds of
semi-structured interviews, and an authentication diary over an average of 11
days. Our participants reported a wide range of usability issues, especially
with the use of hardware tokens, showing that the mental and physical workload
involved shapes how they use online banking. Key targets for improvements are
(i) the reduction in the number of authentication steps, and (ii) removing
features that do not add any security but negatively affect the user
experience.
› More search options
UCL Researchers