Passwords and Multi-Factor Authentication improve security and protect essential data of users online. However, the usage of simple and guessable passwords or compromised credentials often lead to several threats online, such as, Identity Theft, Financial Loss, etc. Irrespective of attacks, such as spear phishing attacks being present known for a long time, users still fall prey and sometimes fail to adapt to newer and safer technologies. One such technology is multi-factor authentication technology where in addition to passwords and username, users can authenticate through a second or third factor of authentication such as, One Time Passwords, SMSes, Tokens, Biometeric, etc. Our researchers investigate through detailed usability and adaptability research to understand user’s mental models and risk perception and unpack the difficulties an individual face to adapt such secure and helpful technologies. Several reasons contribute to lower security practices by an individual, including the ignorance or lack of knowledge of the users but also poor and transparent risk communication from security practitioners and organizations. Our user studies follow qualitative, quantitative, and mixed methods and provide actionable items and effective insights which contribute in improving the security practices of individuals and in turn enable protecting the online user data.

Articles in journals or book chapters (1)
  1. L. Jean Camp and Sanchari Das. Studies of 2FA, Why Johnny Can’t Use 2FA and How We Can Change That?. In . Springer US, March 2019.
    Keywords: 2FA, authentication, human factors, usability. [bibtex-entry]

Conference publications (6)
  1. Jacob Abbott, Jayati Dev, Donginn Kim, Shakthidhar Gopavaram, Meera Iyer, Shivani Sadam, Shrirang Mare, Tatiana Ringenberg, Vafa Andalibi, and L. Jean Camp. Privacy Lessons Learnt from Deploying an IoT Ecosystem in the Home. In Proceedings of the 2022 European Symposium on Usable Security, EuroUSEC '22, New York, NY, USA, pages 98–110, 2022. Association for Computing Machinery.
    Keywords: Security, user interviews, smart home, IoT, 2FA, privacy. [bibtex-entry]

  2. Zitao Zhang, Jacob Abbott, Sanchari Das, and L. Jean Camp. Building an Authentication Infrastructure — Designing a Two Factor Authentication Hardware Token with Form Factor that Encourages Engagement. In TPRC 2022: The 50th Research Conference on Communication, Information and Internet Policy, 2022. Social Science Research Network.
    Keywords: Security, UX, 2FA. [bibtex-entry]

  3. Jacob Abbott and Sameer Patil. How Mandatory Second Factor Affects the Authentication User Experience. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI ’20, New York, NY, USA, pages 1–13, 2020. Association for Computing Machinery.
    Keywords: Security, UX, 2FA. [bibtex-entry]

  4. Sanchari Das, Andrew Kim, Shrirang Mare, Joshua Streiff, and L Jean Camp. Security Mandates are Pervasive: An Inter-School Study on Analyzing User Authentication Behavior. In IEEE HUMANS AND CYBER SECURITY WORKSHOP (HACS 2019), 2019. IEEE.
    Keywords: 2FA. [bibtex-entry]

  5. Sanchari Das, Joshua Streiff, Lisa Huber, and L Jean Camp. WHY DON'T ELDERS ADOPT TWO-FACTOR AUTHENTICATION? BECAUSE THEY ARE EXCLUDED BY DESIGN. In Innovation in Aging, Volume 3, Issue Supplement_1, November 2019, pages S325–S326, 2019. GOA.
    Keywords: 2FA. [bibtex-entry]

  6. Sanchari Das, Andrew Dingman, and L. Jean Camp. Why Johnny Doesn’t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key. In 2018 International Conference on Financial Cryptography and Data Security (FC), 2018.
    Keywords: 2FA. [bibtex-entry]