Yubikey Usability Study – Results for lab + longitudinal study

From IIW

YubiKey Usability Study

Tuesday 5H

Convener: Kent Seamons

Notes-taker(s): Kent Seamons

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

In this session, Kent Seamons presented results from two recent user studies of YubiKey - a laboratory study and a longitudinal study.

Study 1 focused on the setup phase. Participants set up a YubiKey on Google, Facebook, and Windows 10. The majority of users were able to set up Google easily using a Wizard. Less than half succeed with Facebook and Windows 10. Overall, the usability of the setup phase was low.

Study 2 focused on daily use, and participants were given a YubiKey for one month to use to login to Google, Facebook, and Windows 10. In general, users liked their experience and gave it high usability scores. Some users indicated they preferred the YubiKey to SMS two-factor authentication (2FA). Some users disliked the small form factor of the Nano. 

We finished by talking about future user study plans that broaden the scope to include all types of 2FA (SMS, TOTP, push notifications, hardware tokens, and OTP). Suggestions were made to incorporate mobile-phone only applications and command line 2FA.

Contact Kent Seamons at seamons@cs.byu.edu for more information about the studies. A research paper is forthcoming.