"Nah, it's just annoying!" A Deep Dive into User Perceptions of Two-Factor Authentication

Karola Marky, Kirill Ragozin, George Chernyshov, Andrii Matviienko, Martin Schmitz, Max Mühlhäuser, Chloe Eghtebas, Kai Kunze

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)


Two-factor authentication (2FA) is a recommended or imposed authentication mechanism for valuable online assets. However, 2FA mechanisms usually exhibit user experience issues that create user friction and even lead to poor acceptance, hampering the wider spread of 2FA. In this article, we investigate user perceptions of 2FA through in-depth interviews with 42 participants, revealing key requirements that are not well met today despite recently emerged 2FA solutions. First, we investigate past experiences with authentication mechanisms emphasizing problems and aspects that hamper good user experience. Second, we investigate the different authentication factors more closely. Our results reveal particularly interesting preferences regarding the authentication factor "ownership"in terms of properties, physical realizations, and interaction. These findings suggest a path toward 2FA mechanisms with considerably better user experience, promising to improve the acceptance and hence, the proliferation of 2FA for the benefit of security in the digital world.

Original languageEnglish
Article number43
JournalACM Transactions on Computer-Human Interaction
Issue number5
Publication statusPublished - 2022 Oct 20


  • human factors
  • Two-factor authentication
  • usability
  • user experience

ASJC Scopus subject areas

  • Human-Computer Interaction


Dive into the research topics of '"Nah, it's just annoying!" A Deep Dive into User Perceptions of Two-Factor Authentication'. Together they form a unique fingerprint.

Cite this