2018 IEEE Symposium on Security and Privacy (SP) 2018
DOI: 10.1109/sp.2018.00067
|View full text |Cite
|
Sign up to set email alerts
|

A Tale of Two Studies: The Best and Worst of YubiKey Usability

Abstract: Two-factor authentication (2FA) significantly improves the security of password-based authentication. Recently, there has been increased interest in Universal 2nd Factor (U2F) security keys-small hardware devices that require users to press a button on the security key to authenticate. To examine the usability of security keys in non-enterprise usage, we conducted two user studies of the YubiKey, a popular line of U2F security keys. The first study tasked 31 participants with configuring a Windows, Google, and… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

2
35
0

Year Published

2019
2019
2021
2021

Publication Types

Select...
5
2
1

Relationship

1
7

Authors

Journals

citations
Cited by 43 publications
(37 citation statements)
references
References 17 publications
2
35
0
Order By: Relevance
“…Context-based user acceptance (U3) responses for websites with different types of sensitive personal data involved (online banking and social network) personal data or payment data is involved on a website. These results partly reflect Redmiles et al 's[37], Reynolds et al 's[39], and Dutson et al 's[16] observations regarding the accepted use of 2FA for only financial or sensitive data. However, personal trust in the online service seemed to be equally important, too:"[I'm not providing my phone number] because [then] different websites, for example via social media, can still reach me[...].…”
supporting
confidence: 84%
“…Context-based user acceptance (U3) responses for websites with different types of sensitive personal data involved (online banking and social network) personal data or payment data is involved on a website. These results partly reflect Redmiles et al 's[37], Reynolds et al 's[39], and Dutson et al 's[16] observations regarding the accepted use of 2FA for only financial or sensitive data. However, personal trust in the online service seemed to be equally important, too:"[I'm not providing my phone number] because [then] different websites, for example via social media, can still reach me[...].…”
supporting
confidence: 84%
“…Multi-factor Authenticators can improve the security of organizations against opportunistic attacks, e.g., the Zomato breach. However, they may also affect the usability of the system, as shown in Table 3, and add costs to the organization both in terms of the employee time lost during authentication and cost incurred to replace lost hardware-based authenticators [116][117][118]. Security Management Tools are used to specify and monitor security policies consistently across an organization and manage other security tools.…”
Section: Requirementsmentioning
confidence: 99%
“…Therefore, we believe that improving the usability of security tools and mechanisms is crucial. Most of the existing usability research is focused on authentication [104,106,[116][117][118]. While there has been some work related to software usability in general [126], more research is needed to understand usability in the context of security tools and software to make them more usable, seamless, and non-disruptive.…”
Section: Future Research Directionsmentioning
confidence: 99%
“…To complement the hardware-based cryptography, a Two Factor Authentication (2FA) token may be used. Despite the availability of 2FA tokens in the market, such as Yubikey [42], a self-developed token, with support to PKCS #11, will be integrated into this IM architecture in future works.…”
Section: ) Hardware-based Cryptographymentioning
confidence: 99%