Abstract
Two-factor authentication (2FA) is a strong defense against account compromise. However, usability studies reveal challenges with 2FA setup. The process to manually set up and remove 2FA methods differs across websites. We present a system design for a 2FA manager to automatically set up and remove 2FA methods. Potential benefits are reduced time, fewer mistakes, consistent terminology, a single workflow for users to learn, and the ability to rapidly transition to a new 2FA method—e.g., when replacing a lost 2FA method. We create two proof-of-concept implementations of our design, one as a browser extension and one integrated as a feature in an existing password manager. We evaluated the browser extension implementation approach using a between-subjects user study (N=60). Our results show fewer mistakes and reduced time compared to manually adding and removing 2FA methods. Qualitative results show that users found the automated process easy to use and were enthusiastic about the 2FA manager's ability to help them rapidly replace 2FA methods in case they lost their 2FA device.
Degree
MS
College and Department
Physical and Mathematical Sciences; Computer Science
Rights
https://lib.byu.edu/about/copyright/
BYU ScholarsArchive Citation
Smith, Garrett D., "“If I could do this, I feel anyone could:” The Design and Evaluation of a Two-Factor Authentication Manager" (2022). Theses and Dissertations. 9502.
https://scholarsarchive.byu.edu/etd/9502
Date Submitted
2022-04-13
Document Type
Thesis
Handle
http://hdl.lib.byu.edu/1877/etd12139
Keywords
Usable Security, Two-Factor Authentication, automation, user study
Language
English