J. K. Reynolds scite author profile

Two-factor authentication (2FA) significantly improves the security of password-based authentication. Recently, there has been increased interest in Universal 2nd Factor (U2F) security keys-small hardware devices that require users to press a button on the security key to authenticate. To examine the usability of security keys in non-enterprise usage, we conducted two user studies of the YubiKey, a popular line of U2F security keys. The first study tasked 31 participants with configuring a Windows, Google, and Facebook account to authenticate using a YubiKey. This study revealed problems with setup instructions and workflow including users locking themselves out of their operating system or thinking they had successfully enabled 2FA when they had not. In contrast, the second study had 25 participants use a YubiKey in their daily lives over a period of four weeks, revealing that participants generally enjoyed the experience. Conducting both a laboratory and longitudinal study yielded insights into the usability of security keys that would not have been evident from either study in isolation. Based on our analysis, we recommend standardizing the setup process, enabling verification of success, allowing shared accounts, integrating with operating systems, and preventing lockouts.

show abstract

Standard for the transmission of IP datagrams over IEEE 802 networks

Postel¹,

Reynolds²

1988

View full text Add to dashboard Cite

Measuring Identity Confusion with Uniform Resource Locators

Reynolds

Kumar

et al. 2020

View full text Add to dashboard Cite

Post Office Protocol: Version 2

Butler¹,

Postel²,

Chase³

et al. 1985

View full text Add to dashboard Cite

Telnet Protocol specification

Postel¹,

Reynolds²

1980

View full text Add to dashboard Cite

Official Internet protocols

Reynolds¹,

Postel²

1987

View full text Add to dashboard Cite

A Usability Study of Secure Email Deletion

Monson¹,

Reynolds²,

Smith³

et al. 2018

View full text Add to dashboard Cite

Messaging applications like SnapChat illustrate that users are concerned about the permanence of information. We find that this concern extends to email. In this paper we present a usability study of an end-to-end secure email tool with the option to securely delete messages. This tool uses ephemeral keys, one per message thread, and default expiration times, with a user prompt to renew or delete keys. Deleting keys causes the messages in the thread to be unreadable for that user. We compare the usability of this tool to a nearly identical tool that uses long term keys and lacks a feature to expire keys. We also interview participants about their email use patterns and attitudes towards information permanence. We find that participants are especially interested in the ability to control the lifetime of an email message. Participants also report trusting the tool that allowed them to make their email messages ephemeral more than the tool that just encrypted their email.

show abstract

Telnet Binary Transmission

Postel¹,

Reynolds²

1983

View full text Add to dashboard Cite

show abstract

12 3 4

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

J. K. Reynolds

A Tale of Two Studies: The Best and Worst of YubiKey Usability

Standard for the transmission of IP datagrams over IEEE 802 networks

Measuring Identity Confusion with Uniform Resource Locators

Post Office Protocol: Version 2

Telnet Protocol specification

Official Internet protocols

A Usability Study of Secure Email Deletion

Telnet Binary Transmission

Contact Info

Product

Resources

About