Visible to the public I Like It, but I Hate It: Employee Perceptions Towards an Institutional Transition to BYOD Second-Factor Authentication

TitleI Like It, but I Hate It: Employee Perceptions Towards an Institutional Transition to BYOD Second-Factor Authentication
Publication TypeConference Paper
Year of Publication2017
AuthorsWeidman, Jake, Grossklags, Jens
Conference NameProceedings of the 33rd Annual Computer Security Applications Conference
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5345-8
Keywords2FA, Bring-your-own-device, BYOD, Human Behavior, human behaviour, human factor, human factors, pubcrawl, Security in organizations, Survey study, Two factor Authentication, two-factor authentication
Abstract

The continued acceptance of enhanced security technologies in the private sector, such as two-factor authentication, has prompted significant changes of organizational security practices. While past work has focused on understanding how users in consumer settings react to enhanced security measures for banking, email, and more, little work has been done to explore how these technological transitions and applications occur within organizational settings. Moreover, while many corporations have invested significantly to secure their networks for the sake of protecting valuable intellectual property, academic institutions, which also create troves of intellectual property, have fallen behind in this endeavor. In this paper, we detail a transition from a token-based, two-factor authentication system within an academic institution to an entirely digital system utilizing employee-owned mobile devices. To accomplish this, we first conducted discussions with staff from the Information Security Office to understand the administrative perspective of the transition. Second, our key contribution is the analysis of an in-depth survey to explore the perceived benefits and usability of the novel technological requirements from the employee perspective. In particular, we investigate the implications of the new authentication system based on employee acceptance or opposition to the mandated technological transition, with a specific focus on the utilization of personal devices for workplace authentication.

URLhttp://doi.acm.org/10.1145/3134600.3134629
DOI10.1145/3134600.3134629
Citation Keyweidman_i_2017