A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA)

ABSTRACT

This article investigates the effectiveness of informational videos that are designed to provide an introduction to two-step verification (i.e., 2FA) and in turn seeks to improve the adoption rate of 2FA among users. Toward that, eight video tutorials based on three themes (e.g., Risk, Self-efficacy, and Contingency) were designed, and a three-way between-group study with 399 participants on Amazon’s MTurk was conducted. Furthermore, a follow-up study was run to see the changes in participants’ behavior (e.g., enabling of 2FA). The Self-efficacy and Risk themes were found to be the most effective in making the videos more interesting, informative, and useful. Willingness to try 2FA was found to be higher for participants who were exposed to both the Risk and Self-efficacy themes. Participants’ decisions regarding actually enabling 2FA was found to be significantly correlated with how interesting, informative, and useful the videos were. Implications of our findings in a broader context are discussed in the article.

Acknowledgments

Mohammad Maifi Hasan Khan is the lead of the project and contributed by designing the study, overseeing the experiment, analyzing data, and co-authoring the article. Yusuf Albayram assisted in designing the study, ran the experiment, analyzed data, and co-authored the article along with the lead.

Funding

This work is supported by the National Science Foundation under Grant No. CNS-1251962. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agency.

Notes

¹ Qualtrics is a survey platform that is used to host surveys and store data (https://www.qualtrics.com).

² The survey instruments used in this study are adopted from prior work (Ion et al., 2015; Stobert & Biddle, 2014; Stobert, 2015; TeleSignReport, 2015) and modified as needed.

³ Participants were asked to rate their agreement to the statements regarding their attitudes toward security, on a 5-point Likert scale ranging from “Strongly Agree” to “Strongly Disagree”. The distribution of responses for these statements can be found in the Appendix (see Figures 4 and 5).

Additional information

Funding

This work is supported by the National Science Foundation under Grant No. CNS-1251962. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agency.

Notes on contributors

Yusuf Albayram

Yusuf Albayram is a post-doctoral fellow in the Computer Science and Engineering Department at the University of Connecticut. He received his PhD degree in CSE from UConn. His main research interests are in the interdisciplinary areas of usable security, human–computer interaction, and ubiquitous computing.

Mohammad Maifi Hasan Khan

Mohammad Maifi Hasan Khan is an Assistant Professor in the Department of Computer Science and Engineering at the University of Connecticut. He received his PhD degree in Computer Science from the University of Illinois, Urbana-Champaign. His research interests include usable security, risk communication, and performance modeling and troubleshooting of large-scale systems.

Michael Fagan

Michael Fagan is a PhD student in the Computer Science and Engineering Department at the University of Connecticut. His interests include the human factors of cybersecurity and adoption of secure behaviors, particularly human motivations when making risk-associated decisions. Michael received his BA in History and Computer Science from Vanderbilt University.