skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: “Don’t punish all of us”: Measuring User Attitudes about Two-Factor Authentication
Two-factor authentication (2FA) defends against password compromise by a remote attacker. We surveyed 4,275 students, faculty, and staff at Brigham Young University to measure user sentiment about Duo 2FA one year after the university adopted it. The results were mixed. A majority of the participants felt more secure using Duo and felt it was easy to use. About half of all participants reported at least one instance of being locked out of their university account because of an inability to authenticate with Duo. We found that students and faculty generally had more negative perceptions of Duo than staff. The survey responses reveal some pain points for Duo users. In response, we offer recommendations that reduce the frequency of 2FA for users. We also suggest UI changes that draw more attention to 2FA methods that do not require WiFi, the “Remember Me” setting, and the help utility.  more » « less
Award ID(s):
1816929
PAR ID:
10110682
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
Fifth European Workshop on Usable Security (EuroUSEC)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. (, International Journal of Research in Education and Science)
    Noroozi, O (Ed.)
    Survey data were gathered from college and university faculty, staff, and administrators at Hispanic-Serving Institutions (HSI) regarding Hispanic culture and Hispanic students as part of an NSF-funded investigation that focused on the characteristics and programming of HSIs as well as the background and experiences of their students. Two surveys of students were also conducted. A minimum of 44 HSIs in Texas, New Mexico, and Colorado were represented in the 393 usable responses gathered from faculty, staff, and administrators. Fourteen HSIs in New Mexico and Texas were represented in student survey data gathered in 2018 and three in north Texas in a survey completed in 2019. Responses from 213 Hispanic students were isolated from the 2018 student survey and 307 from the 2019 data. This material was used to verify and expand on the findings from the survey of faculty, staff, and administrators. A consistent and strong difference of opinion was found between Hispanic faculty, staff, and administrators at the HSIs and their non-Hispanic peers regarding information available to higher education professionals about Hispanic culture, the elements of Hispanic culture, and the characteristics and background of Hispanic students. Survey responses of Hispanic students confirmed, at many points, that the perspective of the Hispanic faculty, staff, and administrators was accurate. It appears, based on this information, that the non-Hispanic employees at the HSIs were less well informed about Hispanic culture and a major portion of their student population than would be desirable. The findings, while from the south-central United States, can inform multiple academic and support services at Hispanic-Serving Institutions and other colleges and universities as they include information about how Hispanic culture is understood by Hispanics, detail gaps in competence regarding Hispanic culture among faculty, staff, and administrators at HSIs, and describe characteristics and the cultural orientation of Hispanic students attending the HSIs in the sample. 
    more » « less
  2. ; ; ; ; ; (, Proceedings of the Fifteenth Symposium on Usable Privacy and Security)
    Two-factor authentication (2FA) defends against account compromise. An account secured with 2FA typically requires an individual to authenticate using something they know—typically a password—as well as something they have, such as a cell phone or hardware token. Many 2FA methods in widespread use today have not been subjected to adequate usability testing. Furthermore, previous 2FA usability research is difficult to compare due to widely-varying contexts across different studies. We conducted a two-week, between-subjects usability study of five common 2FA methods with 72 participants, collecting both quantitative and qualitative data. Participants logged into a simulated banking website nearly every day using 2FA and completed an assigned task. Participants generally gave high marks to the methods studied, and many expressed an interest in using 2FA to provide more security for their sensitive online accounts. We also conducted a within-subjects laboratory study with 30 participants to assess the general usability of the setup procedure for the five methods. While a few participants experienced difficulty setting up a hardware token and a one-time password, in general, users found the methods easy to set up. 
    more » « less
  3. ; ; ; ; ; (, IEEE)
    This research, full paper examines the impact of introducing asset-based perspectives on faculty mental models of teaching and learning through participation in a Community of Practice. Ongoing research at California State University, Los Angeles is exploring how faculty perspectives are affected after participating in a community of practice intended to promote asset-based thinking towards students. This research challenges the factory-based framing of engineering education and advocates for an ecosystem model, where all participants-students, faculty, and staff-recognize their interdependence and embrace authenticity. This paper is based on qualitative data from minute papers, or participant reflections. Through inductive qualitative coding of this data, the research team has developed a code book with themes around Insights into Mindsets and Critical Points regarding understanding asset-based perspectives. Our results, contribute to the conversation about changing mental models, by tracing the journey of different faculty as they learn about asset-based perspective, process their learning through discussion and application, and how introducing this different framework affects faculty perspectives on students. This conversation is particularly important as we continue to create more inclusive classrooms, especially when faculty and students have differing experiences, based on different social identities (e.g. different racial/ethnic identities, socioeconomic status, gender identity). The contributions will also include implications for practice as we understand how faculty consider asset-based perspectives. 
    more » « less
  4. ; ; ; ; ; ; ; ; ; ; et al (, ACM inroads)
    For the third consecutive year, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of targeted portions of the UMBC computer systems. During these hands-on studies, with complete access to sourcecode, students identified vulnerabilities, devised and implemented exploits, and recommended mitigations. We report on our continuing experiences with these project-based learning studies, focusing on the new problems addressed in January 2018 and 2019 and on the lessons we learned. In 2018, students analyzed the WebAdmin custom software that UMBC students, faculty, and staff use to manage credentials and accounts. Students found a beautifully instructive example of a “confused-deputy attack,” wherein an IT staff member—–through carrying out their proper procedures for resetting a user password—–unwittingly executes malware on their own machine by viewing the answers to security questions. In 2019, students analyzed the Virthost system UMBC uses to host student webpages. Organizer Alan Sherman created a powerful learning experience by secretly recruiting one of the participants to serve as a “mole,” passively collecting passwords from the other participants throughout the week. Our students found the collaborative experiences inspirational; students and educators appreciated the authentic case studies; and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. 
    more » « less
  5. ; (, ASEE Annual Conference proceedings)
    In this paper we present an evaluation and lessons learned from a joint Research Experience for Undergraduates (REU) and Research Experience for Teachers (RET) program focused on energy and sustainability topics within a Materials Science and Engineering program at a public university. This program brought eleven undergraduate science and engineering students with diverse educational and institutional backgrounds and four local middle and high school teachers on campus for an 8-week research experience working in established lab groups at the university. Using the Qualtrics online survey software, we conducted pre-experience and post-experience surveys of the participants to assess the effects of participating in this summer research program. At the beginning of the summer, all participants provided their definition of technical research and described what they hoped to get out of their research experience, and the undergraduate students described their future career and educational plans. At the conclusion of the summer, a post-experience survey presented participants’ with their answers from the beginning of the summer and asked them to reflect on how their understanding of research and future plans involving research changed over the course of the summer experience. Many participants evolved a new understanding of research as a result of participating in the summer experience. In particular, they better recognized the collaborative nature of research and the challenges that can arise as part of the process of doing research. Participants acquired both technical and professional skills that they found useful, such as learning new programming languages, becoming proficient at using new pieces of equipment, reviewing technical literature, and improving presentation and communication skills. Undergraduates benefited from developing new relationships with their peers, while the teacher participants benefited from developing relationships with faculty and staff at the university. While most of the participants felt that they were better prepared for future studies or employment, they did not feel like the summer research experience had a significant impact on their future career or degree plans. Finally, while almost all of the participants described their summer research experience as positive, areas for improvement included better planning and access to mentors, as well as more structured activities for the teachers to adapt their research activities for the classroom. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email