User perceptions of security, convenience and usability for ebanking authentication tokens

C. S. Weir; G. Douglas; M. Carruthers; Mervyn Jack

doi:10.1016/j.cose.2008.09.008

User perceptions of security, convenience and usability for ebanking authentication tokens

C. S. Weir, G. Douglas, M. Carruthers, Mervyn Jack

School of Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

This research compared three different two-factor methods of eBanking authentication. Three devices employing incremental security layers in the generation of one time passcodes (OTPs) were compared in a repeated-measures, controlled experiment with 50 eBanking customers. Attitudes towards usability and usage logs were taken for each experience. Comparisons of the devices in terms of overall quality, security and convenience as perceived by participants were also recorded. There were significant differences between all three methods in terms of usability measures, perceived quality, convenience and security ratings – with the perceived security ratings following a reverse order to the other measures. Almost two thirds of the participant sample chose the device they perceived the least secure as their preference. Participants were asked to use their preferred method again and tended to find their chosen device more usable. This research illustrates the usability-security trade off, where convenience, quality and usability are sacrificed when increasing layers of security are required. In their preferences, customers were driven by their attitudes towards usability and convenience rather than their perceptions of security.

Original language	English
Pages (from-to)	47-62
Number of pages	16
Journal	Computers and Security
Volume	28
Issue number	1-2
DOIs	https://doi.org/10.1016/j.cose.2008.09.008
Publication status	Published - Feb 2009

Keywords / Materials (for Non-textual outputs)

Usability engineering
Internet Banking
Authentication
Security
Empirical study
Evaluation

Access to Document

10.1016/j.cose.2008.09.008

http://www.sciencedirect.com/science/article/pii/S0167404808000941

Cite this

@article{3151a221ce914015bce26ed143e4a65b,

title = "User perceptions of security, convenience and usability for ebanking authentication tokens",

abstract = "This research compared three different two-factor methods of eBanking authentication. Three devices employing incremental security layers in the generation of one time passcodes (OTPs) were compared in a repeated-measures, controlled experiment with 50 eBanking customers. Attitudes towards usability and usage logs were taken for each experience. Comparisons of the devices in terms of overall quality, security and convenience as perceived by participants were also recorded. There were significant differences between all three methods in terms of usability measures, perceived quality, convenience and security ratings – with the perceived security ratings following a reverse order to the other measures. Almost two thirds of the participant sample chose the device they perceived the least secure as their preference. Participants were asked to use their preferred method again and tended to find their chosen device more usable. This research illustrates the usability-security trade off, where convenience, quality and usability are sacrificed when increasing layers of security are required. In their preferences, customers were driven by their attitudes towards usability and convenience rather than their perceptions of security.",

keywords = "Usability engineering, Internet Banking, Authentication, Security, Empirical study, Evaluation",

author = "Weir, {C. S.} and G. Douglas and M. Carruthers and Mervyn Jack",

year = "2009",

month = feb,

doi = "10.1016/j.cose.2008.09.008",

language = "English",

volume = "28",

pages = "47--62",

journal = "Computers and Security",

publisher = "Elsevier",

number = "1-2",

}

TY - JOUR

T1 - User perceptions of security, convenience and usability for ebanking authentication tokens

AU - Weir, C. S.

AU - Douglas, G.

AU - Carruthers, M.

AU - Jack, Mervyn

PY - 2009/2

Y1 - 2009/2

N2 - This research compared three different two-factor methods of eBanking authentication. Three devices employing incremental security layers in the generation of one time passcodes (OTPs) were compared in a repeated-measures, controlled experiment with 50 eBanking customers. Attitudes towards usability and usage logs were taken for each experience. Comparisons of the devices in terms of overall quality, security and convenience as perceived by participants were also recorded. There were significant differences between all three methods in terms of usability measures, perceived quality, convenience and security ratings – with the perceived security ratings following a reverse order to the other measures. Almost two thirds of the participant sample chose the device they perceived the least secure as their preference. Participants were asked to use their preferred method again and tended to find their chosen device more usable. This research illustrates the usability-security trade off, where convenience, quality and usability are sacrificed when increasing layers of security are required. In their preferences, customers were driven by their attitudes towards usability and convenience rather than their perceptions of security.

AB - This research compared three different two-factor methods of eBanking authentication. Three devices employing incremental security layers in the generation of one time passcodes (OTPs) were compared in a repeated-measures, controlled experiment with 50 eBanking customers. Attitudes towards usability and usage logs were taken for each experience. Comparisons of the devices in terms of overall quality, security and convenience as perceived by participants were also recorded. There were significant differences between all three methods in terms of usability measures, perceived quality, convenience and security ratings – with the perceived security ratings following a reverse order to the other measures. Almost two thirds of the participant sample chose the device they perceived the least secure as their preference. Participants were asked to use their preferred method again and tended to find their chosen device more usable. This research illustrates the usability-security trade off, where convenience, quality and usability are sacrificed when increasing layers of security are required. In their preferences, customers were driven by their attitudes towards usability and convenience rather than their perceptions of security.

KW - Usability engineering

KW - Internet Banking

KW - Authentication

KW - Security

KW - Empirical study

KW - Evaluation

UR - http://www.scopus.com/inward/record.url?scp=57849096551&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2008.09.008

DO - 10.1016/j.cose.2008.09.008

M3 - Article

VL - 28

SP - 47

EP - 62

JO - Computers and Security

JF - Computers and Security

IS - 1-2

ER -

User perceptions of security, convenience and usability for ebanking authentication tokens

Abstract

Keywords / Materials (for Non-textual outputs)

Access to Document

Other files and links

Fingerprint

Cite this