๐ Since 2012, there has been a quest to replace passwords with a more secure authentication mechanism. Passwords have issues such as being hard to remember, frequent compromises, and phishing attacks.
๐ Two-factor authentication (2FA) combines something you know (password) with something you have (like a Yubikey). Many tech companies now require hardware tokens for authentication.
๐งช A study was conducted to evaluate the usability of Yubikeys, focusing on Yubikey Neo and Yubikey Nano. The study involved 31 participants in a lab setting and 25 participants in a longitudinal study.
๐ In the lab study, participants had 55 minutes to learn about Yubikeys and 15 minutes to set them up on Google, Facebook, and Windows 10 accounts. The success rates were:
๐ Participants reported confusion about testing their new authentication mechanisms, which contributed to lower success rates.
๐ Feedback indicated a need for better instructions, clearer UI, and video tutorials. The overall usability score was 50, below the acceptable threshold.
๐ In the longitudinal study, participants used Yubikeys for four weeks. They appreciated the ease of use but still noted room for improvement. The usability score improved to the 70s.
๐ Participants expressed challenges in sharing accounts due to the nature of Yubikeys, which do not allow remote authentication. Concerns about losing the small Yubikey Nano were also noted.
๐ก Key takeaways include the need for standardized setup processes, clear success indications, and the potential for Yubikeys if setup usability is improved. The study's results were well-received by Yubico, indicating a positive trend in usability enhancements.
โ Questions were raised about the impact of prior experience with Yubikeys in workplace settings, suggesting that familiarity could improve usability outcomes.