Sanam Ghorbani Lyastani (CISPA Helmholtz Center for Information Security, Saarland University), Michael Backes (CISPA Helmholtz Center for Information Security), Sven Bugiel (CISPA Helmholtz Center for Information Security)

Heuristics for user experience state that users will transfer their expectations from one product to another. A lack of consistency between products can increase users' cognitive friction, leading to frustration and rejection. This paper presents the first systematic study of the external, functional consistency of two-factor authentication user journeys on top-ranked websites. We find that these websites implement only a minimal number of design aspects consistently (e.g., naming and location of settings) but exhibit mixed design patterns for setup and usage of a second factor. Moreover, we find that some of the more consistently realized aspects, such as descriptions of two-factor authentication, have been described in the literature as problematic and adverse to user experience. Our results advocate for more general UX guidelines for 2FA implementers and raise new research questions about the 2FA user journeys.

View More Papers

Fine-Grained Trackability in Protocol Executions

Ksenia Budykho (Surrey Centre for Cyber Security, University of Surrey, UK), Ioana Boureanu (Surrey Centre for Cyber Security, University of Surrey, UK), Steve Wesemeyer (Surrey Centre for Cyber Security, University of Surrey, UK), Daniel Romero (NCC Group), Matt Lewis (NCC Group), Yogaratnam Rahulan (5G/6G Innovation Centre - 5GIC/6GIC, University of Surrey, UK), Fortunat Rajaona (Surrey…

Read More

BARS: Local Robustness Certification for Deep Learning based Traffic...

Kai Wang (Tsinghua University), Zhiliang Wang (Tsinghua University), Dongqi Han (Tsinghua University), Wenqi Chen (Tsinghua University), Jiahai Yang (Tsinghua University), Xingang Shi (Tsinghua University), Xia Yin (Tsinghua University)

Read More

SynthDB: Synthesizing Database via Program Analysis for Security Testing...

An Chen (University of Georgia), Jiho Lee (University of Virginia), Basanta Chaulagain (University of Georgia), Yonghwi Kwon (University of Virginia), Kyu Hyung Lee (University of Georgia)

Read More

BEAGLE: Forensics of Deep Learning Backdoor Attack for Better...

Siyuan Cheng (Purdue University), Guanhong Tao (Purdue University), Yingqi Liu (Purdue University), Shengwei An (Purdue University), Xiangzhe Xu (Purdue University), Shiwei Feng (Purdue University), Guangyu Shen (Purdue University), Kaiyuan Zhang (Purdue University), Qiuling Xu (Purdue University), Shiqing Ma (Rutgers University), Xiangyu Zhang (Purdue University)

Read More