Examining usable security features and user perceptions of Physical Authentication Devices

Abstract

Despite the enhanced security benefits offered by Physical Authentication Devices (PADs) compared to other forms of Multi-Factor Authentication (MFA), the adoption and retention of PADs remain relatively low in comparison to other MFA methods. Evidence indicates that the limited widespread adoption and usage of PADs are primarily due to negative user perceptions concerning their usability and security features. Moreover, there's a limited understanding of how users from diverse backgrounds perceive PADs with their varying standards and features. To bridge this knowledge gap, we undertook a multiple case study with 23 users spanning varied demographic characteristics (age, gender, education, and experience with MFA) to use and test three distinct PADs. Case study participants were provided with three unique PAD devices featuring different characteristics/features and were prompted to share their experiences of installation, usage, and troubleshooting over a 2-week span via an initial questionnaire, logbook, and a final interview. The gathered data were analysed using NVIVO, a Qualitative Research Software platform, uncovering notable disparities between user groups and their predilections for specific PADs. Further discussions from our research illuminate four primary areas (Compatibility, Support, Quality and Simplicity) where usable security features impede positive user perception of PAD devices and addressing these areas is crucial for enhancing PAD adoption and retention rates.