Any Usability Test on 2-factor Authentication?

15 Aug 2007 - 1:55pm
7 years ago
2 replies
692 reads
Shima Kazerooni
2007

Hi,

I am doing a research about two-factor authentication (those device generated numbers that are used along with user name and password for logging in to a computer or website). For example, RSA has the following devices and software:

http://www.rsa.com/products/securid/datasheets/SID_DS_0307.pdf

I was wondering if anybody knows about any usability test/research done on that. Has the number that is generated and displayed on the device created any anxiety for the users?

Thank you,
Shima

____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7

Comments

16 Aug 2007 - 9:18am
Alexander Baxevanis
2007

The main usability issue that I've faced is the fact that the number
is set to change every minute (of course, this is part of the
security). Sometimes it happens that the login process takes a while
(e.g. when logging in to a corporate VPN using a slow connection) and
the number is about to change, so by the time my login details are
validated, the number is no longer valid and I have to repeat this
process.

By the way, I have something called a "software token", i.e. a piece
of software that runs on my laptop and shows this number, which allows
me to copy/paste the number into a text field. I can imagine the
problem I describe could happen more often if you actually have to
type the numbers reading them from a small LCD screen.

Speaking of small LCD screens (which I don't think have got any
backlight?) there can be alls sorts of readability issues that could
make copying the numbers much slower.

Hope this helps,

Alex

On 8/15/07, Shima Kazerooni <shkazerooni at yahoo.com> wrote:
> Hi,
>
> I am doing a research about two-factor authentication (those device generated numbers that are used along with user name and password for logging in to a computer or website). For example, RSA has the following devices and software:
>
> http://www.rsa.com/products/securid/datasheets/SID_DS_0307.pdf
>
> I was wondering if anybody knows about any usability test/research done on that. Has the number that is generated and displayed on the device created any anxiety for the users?
>
> Thank you,
> Shima
>
>
> ____________________________________________________________________________________
> Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> List Guidelines ............ http://beta.ixda.org/guidelines
> List Help .................. http://beta.ixda.org/help
> Unsubscribe ................ http://beta.ixda.org/unsubscribe
> Questions .................. list at ixda.org
> Home ....................... http://beta.ixda.org
>

16 Aug 2007 - 11:40am
Alexander Baxevanis
2007

To be fair, just noticed in their website that they do offer such a
device in the format of the USB stick, which links up with computer
software to automatically read & enter the code.

But given that these devices are often issued to hundreds of
employees, I doubt if a lot of companies would pay the extra cost to
offer the USB model.

On 8/16/07, Alexander Baxevanis <alex.baxevanis at gmail.com> wrote:
> The main usability issue that I've faced is the fact that the number
> is set to change every minute (of course, this is part of the
> security). Sometimes it happens that the login process takes a while
> (e.g. when logging in to a corporate VPN using a slow connection) and
> the number is about to change, so by the time my login details are
> validated, the number is no longer valid and I have to repeat this
> process.
>
> By the way, I have something called a "software token", i.e. a piece
> of software that runs on my laptop and shows this number, which allows
> me to copy/paste the number into a text field. I can imagine the
> problem I describe could happen more often if you actually have to
> type the numbers reading them from a small LCD screen.
>
> Speaking of small LCD screens (which I don't think have got any
> backlight?) there can be alls sorts of readability issues that could
> make copying the numbers much slower.
>
> Hope this helps,
>
> Alex
>
> On 8/15/07, Shima Kazerooni <shkazerooni at yahoo.com> wrote:
> > Hi,
> >
> > I am doing a research about two-factor authentication (those device generated numbers that are used along with user name and password for logging in to a computer or website). For example, RSA has the following devices and software:
> >
> > http://www.rsa.com/products/securid/datasheets/SID_DS_0307.pdf
> >
> > I was wondering if anybody knows about any usability test/research done on that. Has the number that is generated and displayed on the device created any anxiety for the users?
> >
> > Thank you,
> > Shima
> >
> >
> > ____________________________________________________________________________________
> > Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
> > ________________________________________________________________
> > Welcome to the Interaction Design Association (IxDA)!
> > To post to this list ....... discuss at ixda.org
> > List Guidelines ............ http://beta.ixda.org/guidelines
> > List Help .................. http://beta.ixda.org/help
> > Unsubscribe ................ http://beta.ixda.org/unsubscribe
> > Questions .................. list at ixda.org
> > Home ....................... http://beta.ixda.org
> >
>

Syndicate content Get the feed