Abstract by Jonathan Dutson
User Attitudes About DUO Two-Factor Authentication at BYU
Simple password-based authentication provides insufficient protection against account compromise. Although two-factor authentication (2FA) provides users with increased protection against attackers, users have mixed feelings about the usability of 2FA. We surveyed the students, faculty, and staff of BYU to measure user sentiment about DUO Security, BYU's 2FA provider. We find that most users consider DUO to be annoying, and about half of all participants reported at least one instance of being locked out of their BYU account because of an inability to authenticate with DUO. Students and faculty generally had more negative perceptions of DUO than staff. We suggest that user sentiment about 2FA may most easily be improved by 1) helping users develop a sense of self-efficacy regarding 2FA and 2) educating users about the risks mitigated by 2FA.