A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites (Extended Version)
Sanam Ghorbani Lyastani, Michael Backes, Sven Bugiel

TL;DR
This study systematically analyzes the consistency of two-factor authentication user journeys on top websites, revealing minimal consistency and highlighting areas for improved UX guidelines to reduce user frustration.
Contribution
It provides the first comprehensive analysis of external consistency in 2FA user journeys on leading websites, identifying key inconsistencies and problematic design aspects.
Findings
Websites show minimal consistency in 2FA design aspects.
Descriptions of 2FA are often inconsistent and problematic.
Some consistent aspects are identified as adverse to user experience.
Abstract
Heuristics for user experience state that users will transfer their expectations from one product to another. A lack of consistency between products can increase users' cognitive friction, leading to frustration and rejection. This paper presents the first systematic study of the external, functional consistency of two-factor authentication user journeys on top-ranked websites. We find that these websites implement only a minimal number of design aspects consistently (e.g., naming and location of settings) but exhibit mixed design patterns for setup and usage of a second factor. Moreover, we find that some of the more consistently realized aspects, such as descriptions of two-factor authentication, have been described in the literature as problematic and adverse to user experience. Our results advocate for more general UX guidelines for 2FA implementers and raise new research questions…
Taxonomy
Topics: Privacy, Security, and Data Protection · User Authentication and Security Systems · Innovative Human-Technology Interaction
