Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key


Registration

Thursday, November 29, 2018
12:00PM-1:00PM PDT
60 MINUTES, INCLUDING Q&A



Brought to you by:

One Identity

Why do people choose to use (or not use) two-factor authentication (2FA)? We report on a two-phase study of the Yubico Security Key, conducted with Yubico. Despite the Yubico Security Key being among the best in class for usability among hardware tokens, participants in a think-aloud protocol encountered surprising difficulties, with none in the first round able to complete enrollment without guidance. A website demo, built to make adoption simple, instead resulted in profound confusion when participants fell into an infinite loop of inadvertently only playacting the installation. We report on a two-phase experiment that analyzed acceptability and usability of the Yubico Security Key, a 2FA hardware token implementing Fast Identity Online (FIDO).

This presentation will surprise and inform attendees, showing that usability is not just common sense, but sometimes you need to think sideways to align yourself with your potential users.

Guest Presenter:

L Jean Camp

L Jean Camp focuses on the intersection of human and technical trust. She is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard’s Kennedy School.

Sponsor Presenter:

Richard Hosgood

Join Richard Hosgood, Principal Systems Engineer for One Identity, as he walks through some ways to implement two-factor authentication that could increase user adoption. In addition, he will discuss how we have taken a user-centric approach in architecting our Privileged Account Management solutions to ensure acceptance and a successful implementation. Forward-thinking technologist Richard Hosgood is a Principal Systems Engineer at One Identity who implements best-of-breed blue team security software in the world’s largest IT environments. In his spare time, he is a red team white hat hacker who specializes in network vulnerability assessments, data exfiltration, network design, and companywide logging. He has held roles at leading Privileged Management, Data Security, Log Management, Insider Threat Detection, Identity Governance, and External Threat security leaders.
