Research

Technical Report Results

Technical Report TR730:
Usability and Acceptability of the Yubico Security Key

Andrew C. Dingman, Gianpaolo Russo, and Jean Camp
(Feb 2017), 12
Abstract:
Two-factor authentication is part of the solution to the various failure modes of passwords. The Yubico Security Key is two factor authentication hardware designed to be usable and acceptable. It is an affordable hardware token marketed for users of consumer-facing sites including Google, Dropbox, and GitHub. Yubico has notable usability features, including the tactile interaction and the design goal of ease of use. Here we report on acceptability and usability results that include recommendations for the Yubico Security Key ecosystem. Despite the Yubico Security Key being arguably best in class for usability, users in a think aloud protocol still encountered several difficulties with the current design. We proposed design changes to address the most significant difficulties that users experienced. We document the design changes, recommend others, and describe our future research plans.

Available as:
  • Sorry, no electronic version of this paper is currently available