Evaluating User Perception of Multi-Factor Authentication: A Systematic Review
This work highlights a critical gap in user-centered research for MFA, which is essential for improving usability and adoption in security practices.
The paper conducted a systematic review of 623 academic papers on Multi-Factor Authentication (MFA) technologies, finding that only 9.1% included user evaluation research, and meta-analysis of 57 user-focused studies revealed low adoption rates and pervasive avoidance in mandatory use, along with reporting discrepancies and demographic biases.
Security vulnerabilities of traditional single factor authentication has become a major concern for security practitioners and researchers. To mitigate single point failures, new and technologically advanced Multi-Factor Authentication (MFA) tools have been developed as security solutions. However, the usability and adoption of such tools have raised concerns. An obvious solution can be viewed as conducting user studies to create more user-friendly MFA tools. To learn more, we performed a systematic literature review of recently published academic papers (N = 623) that primarily focused on MFA technologies. While majority of these papers (m = 300) proposed new MFA tools, only 9.1% of papers performed any user evaluation research. Our meta-analysis of user focused studies (n = 57) showed that researchers found lower adoption rate to be inevitable for MFAs, while avoidance was pervasive among mandatory use. Furthermore, we noted several reporting and methodological discrepancies in the user focused studies. We identified trends in participant recruitment that is indicative of demographic biases.