MFA is a Waste of Time! Understanding Negative Connotation Towards MFA Applications via User Generated Content
In Proceedings of the Thriteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019)
10 Pages Posted: 19 Aug 2019
Date Written: July 15, 2019
Abstract
Traditional single-factor authentication possesses several critical security vulnerabilities due to single-point failure feature. Multi-factor authentication (MFA), intends to enhance security by providing additional verification steps. However, in practical deployment, users often experience dissatisfaction while using MFA, which leads to non-adoption. In order to understand the current design and usability issues with MFA, we analyze aggregated user generated comments (N = 12,500) about application-based MFA tools from major distributors, such as, Amazon, Google Play, Apple App Store, and others. While some users acknowledge the security benefits of MFA, majority of them still faced problems with initial configuration, system design understanding, limited device compatibility, and risk trade-offs leading to non-adoption of MFA. Based on these results, we provide actionable recommendations in technological design, initial training, and risk communication to improve the adoption and user experience of MFA.
Keywords: Multi Factor Authentication, Sentiment Analysis, User Perception
Suggested Citation: Suggested Citation