Sanam Ghorbani Lyastani (CISPA Helmholtz Center for Information Security, Saarland University), Michael Backes (CISPA Helmholtz Center for Information Security), Sven Bugiel (CISPA Helmholtz Center for Information Security)

Heuristics for user experience state that users will transfer their expectations from one product to another. A lack of consistency between products can increase users' cognitive friction, leading to frustration and rejection. This paper presents the first systematic study of the external, functional consistency of two-factor authentication user journeys on top-ranked websites. We find that these websites implement only a minimal number of design aspects consistently (e.g., naming and location of settings) but exhibit mixed design patterns for setup and usage of a second factor. Moreover, we find that some of the more consistently realized aspects, such as descriptions of two-factor authentication, have been described in the literature as problematic and adverse to user experience. Our results advocate for more general UX guidelines for 2FA implementers and raise new research questions about the 2FA user journeys.

View More Papers

Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey...

Mohit Kumar Jangid (The Ohio State University), Yue Zhang (Computer Science & Engineering, Ohio State University), Zhiqiang Lin (The Ohio State University)

Read More

Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery...

Jinseob Jeong (KAIST, Agency for Defense Development), Dongkwan Kim (Samsung SDS), Joonha Jang (KAIST), Juhwan Noh (KAIST), Changhun Song (KAIST), Yongdae Kim (KAIST)

Read More

Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams

Xigao Li (Stony Brook University), Anurag Yepuri (Stony Brook University), Nick Nikiforakis (Stony Brook University)

Read More