User Characteristics and Their Impact on the Perceived Usable Security of Physical Authentication Devices

Physical authentication devices (PADs) offer a higher level of security than other authentication technologies commonly used in multifactor authentication (MFA) schemes because they are much less vulnerable to attack. However, PAD uptake remains significantly lower than that for SMS and app-based approaches, accounting for only 10% of all authentication technologies currently being utilized in MFA. Prior studies indicate that the primary reason for this low adoption rate is due to negative users' perceptions and attitudes toward the usability of PADs; many of these studies often skew toward a particular set of users (e.g., young university students, etc.), often creating a bias toward what usable security entails. To address this limitation, we have formulated an original research methodology that segments users into specific groups based on their user characteristics (i.e., age, education, and experience) and examines how each group defines usability and ranks their preferences regarding certain security features. Based on a survey of 410 participants, our results indicate that there are indeed different usable security preferences for each user group, and we, therefore, provide recommendations on how existing PADs might be enhanced to support usability and improve adoption rates.