Context Contributes to Two-Factor Authentication Choices

Abstract

Two-factor authentication (2FA) is a security method for various types of accounts that adds an extra layer of verification. This second layer of verification improves the security of user accounts beyond the regular password. Despite its benefits, the adoption of 2FA has remained low amongst users. A consistent finding in the 2FA literature is that adoption has remained low because users prioritize usability over security benefits when choosing a 2FA method. However, this body of research overlooks the influence of perceived account importance on decisions to adopt 2FA. This study bridges this gap in the literature by offering evidence that, contrary to the current belief in the literature that 2FA adoption is based on perceptions of usability, account context also plays a role in users’ choices. This highlights the importance of incorporating users’ account importance perceptions in future research that aims to understand users’ perceptions of 2FA and in the design of 2FA set-up pages. Furthermore, users’ perceptions of 2FA were captured and compared to previous studies that used a similar sample pool (students who are forced to use DUO, a 2FA service). The results show inconsistent findings across studies and reveal that users have a common mental model of 2FA, regardless of the method used. This suggests interfaces can be redesigned to better match user perceptions with the actual needs of various contexts.