User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking

Nancie Gunson, Diarmid Marshall, Hazel Morton, Mervyn Jack

Research output: Contribution to journalArticlepeer-review

Abstract

This paper describes an experiment to investigate user perceptions of the usability and security of single-factor and two-factor authentication methods in automated telephone banking. In a controlled experiment with 62 banking customers a knowledge-based, single-factor authentication procedure, based on those commonly used in the financial services industry, was compared with a two-factor approach where in addition to the knowledge-based step, a one-time passcode was generated using a hardware security token. Results were gathered on the usability and perceived security of the two methods described, together with call completion rates and call durations for the two methods. Significant differences were found between the two methods, with the two-factor version being perceived as offering higher levels of security than the single-factor authentication version; however, this gain was offset by significantly lower perceptions of usability, and lower ratings for convenience and ease of use for the two-factor version. In addition, the two-factor authentication version took longer for participants to complete. This research provides valuable empirical evidence of the trade-off between security and usability in automated systems.
Original languageEnglish
Pages (from-to)208-220
JournalComputers and Security
Volume30
Issue number4
DOIs
Publication statusPublished - Jun 2011

Keywords

  • Authentication
  • Two-factor
  • Security
  • Automated telephony
  • Usability
  • Empirical study
  • Dialogue design

Fingerprint Dive into the research topics of 'User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking'. Together they form a unique fingerprint.

Cite this