Evaluating User Perception of Multi-Factor Authentication: A Systematic Review

TL;DR

This systematic review analyzes the current state of multi-factor authentication (MFA) research, highlighting usability concerns, low user adoption, and methodological issues in existing studies, emphasizing the need for user-centered design improvements.

Contribution

The paper provides a comprehensive meta-analysis of MFA user studies, revealing low adoption rates and methodological biases, and underscores the importance of user-focused evaluation in MFA development.

Findings

Only 9.1% of MFA papers included user evaluation

Lower adoption rates are common for MFA systems

Methodological discrepancies and demographic biases are prevalent in studies

Abstract

Security vulnerabilities of traditional single factor authentication has become a major concern for security practitioners and researchers. To mitigate single point failures, new and technologically advanced Multi-Factor Authentication (MFA) tools have been developed as security solutions. However, the usability and adoption of such tools have raised concerns. An obvious solution can be viewed as conducting user studies to create more user-friendly MFA tools. To learn more, we performed a systematic literature review of recently published academic papers (N = 623) that primarily focused on MFA technologies. While majority of these papers (m = 300) proposed new MFA tools, only 9.1% of papers performed any user evaluation research. Our meta-analysis of user focused studies (n = 57) showed that researchers found lower adoption rate to be inevitable for MFAs, while avoidance was pervasive among mandatory use. Furthermore, we noted several reporting and methodological discrepancies in the user focused studies. We identified trends in participant recruitment that is indicative of demographic biases.