DuoLungo: Usability Study of Duo 2FA
Renascence Tarafder Prapty, Gene Tsudik
TL;DR
This large-scale study evaluates the usability of Duo 2FA at a university, measuring task time, failure rates, and user perceptions, revealing generally good usability with some annoyances and areas for improvement.
Contribution
It provides the first comprehensive, recent usability analysis of Duo 2FA using log data and surveys from over 2,500 users in an academic setting.
Findings
Average Duo Push task time is nearly 8 seconds.
Authentication failure rate is 4.35%.
Duo SUS score is 70, indicating good usability.
Abstract
Multi-Factor Authentication (MFA) enhances login security by requiring multiple authentication factors. Its adoption has increased in response to more frequent and sophisticated attacks. Duo is widely used by organizations including Fortune 500 companies and major educational institutions, yet its usability has not been examined thoroughly or recently. Earlier studies focused on technical challenges during initial deployment but did not measure core usability metrics such as task completion time or System Usability Scale (SUS) scores. These results are also outdated, originating from a time when MFA was less familiar to typical users. We conducted a long-term, large-scale Duo usability study at the University of California Irvine during the 2024-2025 academic year, involving 2559 participants. Our analysis uses authentication log data and a survey of 57 randomly selected users. The…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Information and Cyber Security · Web Application Security Vulnerabilities