
Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key



Thursday, November 29, 2018
12:00PM-1:00PM PDT
60 MINUTES, INCLUDING Q&A



Brought to you by:

One Identity
Why Don't People Use Two Factor? by L. Jean Camp
Two-Factor Authentication, Usable or Not? by Richard Hosgood

Why do people choose to use (or not use) two-factor authentication (2FA)? We report on a two-phase experiment, conducted with Yubico, that analyzed the acceptability and usability of the Yubico Security Key, a 2FA hardware token implementing Fast Identity Online (FIDO). Although the Yubico Security Key is among the best in class for usability among hardware tokens, participants in a think-aloud protocol encountered surprising difficulties, and none in the first round were able to complete enrollment without guidance. A website demo, built to make adoption simple, instead caused profound confusion: participants fell into an infinite loop of inadvertently only playacting the installation.

This presentation will surprise and inform attendees, showing that usability is not just common sense and that sometimes you need to think sideways to align yourself with your potential users.

Guest Presenter:

L Jean Camp

L Jean Camp focuses on the intersection of human and technical trust. She is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard’s Kennedy School.

Sponsor Presenter:

Richard Hosgood

Join Richard Hosgood, Principal Systems Engineer for One Identity, as he walks through some ways to implement two-factor authentication that could increase user adoption. In addition, he will discuss how we have taken a user-centric approach in architecting our Privileged Account Management solutions to ensure acceptance and a successful implementation. A forward-thinking technologist, Richard Hosgood is a Principal Systems Engineer at One Identity who implements best-of-breed blue team security software in the world’s largest IT environments. In his spare time, he is a red team white hat hacker who specializes in network vulnerability assessments, data exfiltration, network design, and companywide logging. He has held roles at security leaders in Privileged Management, Data Security, Log Management, Insider Threat Detection, Identity Governance, and External Threat.
