Abstract by Jonathan Armknecht
Comparing the Setup of Five Two-Factor Authentication Methods
Passwords are the most widespread form of user authentication on the web. However, they can be easily phished and used to compromise an account. One approach to mitigate this risk is two-factor authentication (2FA), which adds an extra layer of security by requiring users to present two forms of authentication. These forms are a password (something they know), a phone/hardware token (something they have), or a biometric (something they are). We present the result of our usability study comparing the ease of setting up five 2FA methods on Google: SMS messages, push notifications, U2F devices, one-time passwords, and backup codes.