Usability Comparison between U2F-based Security Keys, TOTP and Plain Passwords : A Structured Literature Review

Abstract: Multi-factor authentication is a term that was foreign until a few years ago. But in reality, it has been around for decades in the world of computer security. In theory, has the purpose to improve the security of user authentication by adding an extra layer of security to the process. Although password authentication has been shown to be an imperfect technique, it is still the most widely used today. That is why this research has been carried out, to shed light on the issue of why multi-factor authentication is not a fundamental pillar in security. For this, two promising protocols of the second authentication factor have been chosen, Time-based One-time Password (TOTP) and Universal 2nd Factor (U2F), and the usability of these methods has been compared together with password authentication usability as well. A Systematic Literature Review has been executed to answer the raised research question. Although the setup and login processes of the protocols are excessively slow, the results show that the U2F devices are overall more usable than TOTP, as they have a more “friendly” daily usage. But not enough data has been found on TOTP to be able to make a comparison with a solid basis.