Abstract
Because attackers can easily access users' accounts, organizations now prompt users to enable two-factor authentication as an additional layer of security. Although two-factor authentication may decrease the probability of an attacker compromising a user's account, it comes with its own set of challenges. We investigated the ongoing issues surrounding two-factor authentication in order to develop solutions that improve the overall system. We used millions of authentication logs to determine the frequency of authentication failures and their impact on users. We then deployed two surveys, to CSU Sacramento students and to MTurk users, to measure their opinions on using two-factor authentication daily. To measure the security of two-factor authentication, we determined how frequently users would recognize and pay attention to the information displayed during a push authentication request. We also collected data from the Apple App Store to identify users' sentiments toward two-factor authentication. We found that the most critical issue facing two-factor authentication is that users are susceptible to losing their accounts because they do not remember their recovery passwords. We therefore propose an alternative recovery authenticator that allows users to recover their two-factor authentication keys without a password.