?url_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Adc&rft.title=%22%60They+brought+in+the+horrible+key+ring+thing!%22+Analysing+the+Usability+of+Two-Factor+Authentication+in+UK+Online+Banking&rft.creator=Krol%2C+K&rft.creator=Philippou%2C+E&rft.creator=Cristofaro%2C+ED&rft.creator=Sasse%2C+MA&rft.description=To+prevent+password+breaches+and+guessing+attacks%2C+banks+increasingly+turn+to+two-factor+authentication+(2FA)%2C+requiring+users+to+present+at+least+one+more+factor%2C+such+as+a+one-time+password+generated+by+a+hardware+token+or+received+via+SMS%2C+besides+a+password.+We+can+expect+some+solutions+--+especially+those+adding+a+token+--+to+create+extra+work+for+users%2C+but+little+research+has+investigated+usability%2C+user+acceptance%2C+and+perceived+security+of+deployed+2FA.+This+paper+presents+an+in-depth+study+of+2FA+usability+with+21+UK+online+banking+customers%2C+16+of+whom+had+accounts+with+more+than+one+bank.+We+collected+a+rich+set+of+qualitative+and+quantitative+data+through+two+rounds+of+semi-structured+interviews%2C+and+an+authentication+diary+over+an+average+of+11+days.+Our+participants+reported+a+wide+range+of+usability+issues%2C+especially+with+the+use+of+hardware+tokens%2C+showing+that+the+mental+and+physical+workload+involved+shapes+how+they+use+online+banking.+Key+targets+for+improvements+are+(i)+the+reduction+in+the+number+of+authentication+steps%2C+and+(ii)+removing+features+that+do+not+add+any+security+but+negatively+affect+the+user+experience.&rft.publisher=The+Internet+Society&rft.date=2015-02-08&rft.type=Proceedings+paper&rft.language=eng&rft.source=+++++In%3A++The+2015+Network+and+Distributed+System+Security+(NDSS)+Symposium%3A+USEC+Workshop.++++The+Internet+Society%3A+Reston%2C+US.+(2015)+++++&rft.format=application%2Fpdf&rft.identifier=https%3A%2F%2Fdiscovery.ucl.ac.uk%2Fid%2Feprint%2F1461425%2F1%2F01_1_4.pdf&rft.identifier=https%3A%2F%2Fdiscovery.ucl.ac.uk%2Fid%2Feprint%2F1461425%2F&rft.rights=open