• Skip to Content
  • Skip to Main Navigation
  • Skip to Search

Indiana University Bloomington Indiana University Bloomington IU Bloomington

Open Search
  • Our people
  • Our research
  • Degree Programs
  • Cybersecurity resources
  • News & Events
    • Cybersecurity in the news

Security and Privacy in
Informatics, Computing, and Engineering

  • Home
  • Our people
  • Our research
  • Degree Programs
  • Cybersecurity resources
  • News & Events
    • Cybersecurity in the news
  • Search
  • Home
  • News & Events
  • News - Manual
  • Grad student Zitao Zhang Presents on Building An Authentication Infrastructure via TPRC Conference

Grad student Zitao Zhang Presents on Building An Authentication Infrastructure via TPRC Conference

By: Joshua Streiff

Friday, September 30, 2022

 a two factor authentication hardware token
Two factor authentication hardware token

On Sept 16th, Zitao Zhang presented research entitled “Building An Authentication Infrastructure — Designing a Two Factor Authentication Hardware Token with Form Factor that Encourages Engagement” at this year’s TPRC 2022 conference. Co-Authors of this research included Prof. L. Jean Camp and Dr. Jacob Abbott from Indiana University’s Luddy School of Informatics, Computing, and Engineering and Assistant Professor Sanchari Das from the Ritchie School of Engineering and Computer Science, University of Denver.

This research project aimed at understanding what the determining factors and barriers are for why people adopt, or not, the use of hardware security tokens. In this study, 200 free Yubikey security tokens were distributed to students and followed with a survey at the beginning and end of a semester to collect feedback on their attitudes and if they continued to use the security tokens. Very few (n=14) of the students who received security tokens responded to the end of semester survey, but the majority reported having discontinued use of the security token in favor of authenticating through push notification mechanism on their mobile phone.

Additionally, the research prototyped an alternative form-factor implementing a custom designed card-like Yubikey interface. The prototype addressed findings on usability issues from existing studies and then was subjected to a Wizard-of-Oz usability workshop where participants were asked to use the prototype and it appeared to be fully functional. The prototype was formed similar to that of a credit card with a USB-A and USB-C connection that could be slid to either side to act as the security token during the study. Participants brought up additional form factor issues such as fear of breaking the token or losing the card, and did not understand a benefit when compared to authenticating on their mobile phone.

Research results revealed that design alone cannot make people adopt or consistently use the hardware security token. A mix method of design and public education campaigns will be needed to strengthen security infrastructure. Additionally, the results indicate the need for future research targeted towards specific populations such as older adults, users with low socioeconomic status, or those with jobs in a security setting for future inquiry.

The presentation of the work can be seen from the TPRC presentation recording starting at the 31:45 marker.

  • Cybersecurity in the news

Security and Privacy in Informatics, Computing, and Engineering resources

  • Luddy School of Informatics, Computing, and Engineering

Indiana University

Accessibility | College Scorecard | Privacy Notice | Copyright © 2025 The Trustees of Indiana University