Abstract
Two-factor authentication (2FA) provides online accounts with protection against remote account compromise. Despite the security benefits, adoption of 2FA has remained low, in part due to poor usability. We explore the possibility of improving the usability of the 2FA setup process by providing setup automation through password managers. We create a proof-of-concept KeePass (a popular password manager) extension that adds browser-based automation to the 2FA setup process and conduct a 30-participant within-subjects user study to measure user perceptions about the system. Our system is found to be significantly more usable than the current manual method of 2FA setup for multiple online accounts, with our system receiving an average SUS score of ‘A’ while the manual setup method received an average score of ‘D’. We conduct a meta-analysis of some of the most common methods of 2FA used by websites today and propose a web API that could increase the speed, ease, and scalability of 2FA setup automation. Our threat analysis suggests that using password managers for 2FA automation can be implemented without introducing significant security risks to the process. The promising results from our user study and analysis indicate that password managers have strong potential for improving the usability of 2FA setup.
Degree
MS
College and Department
Physical and Mathematical Sciences; Computer Science
Rights
https://lib.byu.edu/about/copyright/
BYU ScholarsArchive Citation
Dutson, Jonathan William, "Managing Two-Factor Authentication Setup Through Password Managers" (2020). Theses and Dissertations. 8976.
https://scholarsarchive.byu.edu/etd/8976
Date Submitted
2020-04-09
Document Type
Thesis
Handle
http://hdl.lib.byu.edu/1877/etd11616
Keywords
security, usable security, two-factor authentication, 2FA, password managers, automation, usability
Language
english