Measuring user costs of enterprise multifactor authentication policies
Mar
13
2024
Inizio: Mar 13 | 12:00 pm
Fine : Mar 13 | 01:15 pm
Categoria: Tag:Via Lambruschini, 4B 20156 Milano MI
Condividi Lunch Seminar in presence
Building BL26/B – Room 0.19 (ground floor)
Department of Management, Economics and Industrial Engineering
Via R. Lambruschini, 4/B
Neil Gandal
Tel Aviv University, Israel
Abstract:
Multifactor authentication (MFA) is one of the most important security controls, topping most lists of cyber hygiene activities advocated by experts. While the security benefits may be
substantial, less attention has been paid to the impact on users by the added friction introduced by the more strigent precautions.
In this paper, we construct and analyze a dataset of authentication logs from a University population spanning two years. We focus on two types of costs experienced by users: (1) the elapsed time resulting from errors and failed authentications and (2) the time spent away from IT applications following a failed authentication before attempting to reauthenticate.
The first measure tracks the excess time dedicated to the authentication when users encounter problems, while the second captures how user frustration can manifest by avoiding or delaying future engagement after experiencing failures.
Following an exogenous change in MFA policy from a deny/approve mobile notification to a more cumbersome two-digit code mobile notification confirmation, we observe significant increases to the time spent away following failures.
Neil Gandal is the “Henry Kaufman Professor in International Capital Markets” in the Berglas School of Economics at Tel Aviv University. He received his B.A. and B.S. degrees from Miami University (Ohio) in 1979, his M.S. degree from the University of Wisconsin in 1981, and his Ph.D. from the University of California-Berkeley in 1989. Professor Gandal has published numerous empirical papers in industrial organization, digital economics, the economics of network effects, and the economics of the software & Internet industries. His papers have received more than 8500 citations at Google Scholar. He is a research fellow at the Centre for Economic Policy Research (CEPR.)
Professor Gandal was a managing editor at the International Journal of Industrial Organization (IJIO) from 2005-2012. In this capacity, he edited many empirical papers using a wide range of econometric techniques. Following his editorship at the IJIO, he was named “Honorary Editor” of the journal. He is the only honorary editor in the history of the IJIO.
