Understandability of the Technology and Benefit May Not Be Enough to Nudge Users: An Exploratory Study in the Context of FIDO2 Adoption Behavior

The FIDO2 protocol, developed by the FIDO ("Fast IDentity Online") Alliance, allows users to authenticate securely via single-factor passwordless authentication. While FIDO2 eliminates the need for creating/managing passwords across multiple accounts and is secure against several known vul...

Full description

Saved in:
Bibliographic Details
Published inProceedings : annual International Computer Software and Applications Conference pp. 607 - 618
Main Authors Amer, Youssef, Haque, Ehsan Ul, Rong, Zhelun, Hasan Khan, Mohammad Maifi
Format Conference Proceeding
LanguageEnglish
Published IEEE 08.07.2025
Subjects
adoption behavior
Authentication
fido
fido2
Focusing
human-computer interaction
passwordless authentication
Passwords
Phishing
Protocols
Security
Software
Surveys
Usability
usable security
Videos
Online AccessGet full text
ISSN2836-3795
DOI10.1109/COMPSAC65507.2025.00083

Cover

More Information
Summary:The FIDO2 protocol, developed by the FIDO ("Fast IDentity Online") Alliance, allows users to authenticate securely via single-factor passwordless authentication. While FIDO2 eliminates the need for creating/managing passwords across multiple accounts and is secure against several known vulnerabilities that make password-based authentication systems susceptible to security attacks (e.g., phishing attacks, keylogging), prior efforts have noted users' reluctance to adopt FIDO2. This work investigates whether this reluctance could be addressed by communicating a technical explanation and the benefits of FIDO2 authentication. Towards that, we conduct a 2x2 between-subjects study on a sample size of n = 85, showing each group a subset of videos explaining different aspects of the technology. After watching the videos, we assess participants' understanding of the technology and their perception of FIDO2's usability and security benefits via an anonymous survey. We find that explicitly communicating technological information and/or security benefits does not influence participants' intention to adopt it and fails to mitigate users' usability concerns regarding the technology. Interestingly, once we group the participants based on self-reported intention to adopt FIDO2, we find that participants who intend to adopt significantly differ in terms of perceived risk perception, self-efficacy, response efficacy, and response cost (i.e., inconvenience). This underscores the importance of risk communication and self-efficacy development which are more likely to influence participants' intention to adopt the technology. The implications of our findings are discussed in the paper.
ISSN:2836-3795
DOI:10.1109/COMPSAC65507.2025.00083