New report: User testing of mobile banking authentication methods

This report summarizes the results of an applied research project Innovation and adaptation of authentication technologies for secure digital environment, which tested authentication methods and applications for smartphones. We wanted to determine which authentication methods are perceived as secure and user-friendly by the end users, and which methods users would prefer. The project was funded by the Technology Agency of the Czech Republic and conducted in cooperation with AHEAD iTec, s.r.o.

The testing with users focused on the evaluation of authentication methods (PIN, fingerprint, inserting a smart card into a card reader, and token) and showed a clear preference for fingerprint authentication. It was rated as the easiest to use, the most practical, and the most secure by our respondents. The reasons were indicated in interviews. Users perceive the fingerprint as unique and difficult to misuse (they perceive physical risks as unlikely). They also positively evaluate its current availability and the presence of a backup method.
Due to the stability of the perception and preference of the authentication methods, it is recommended, among other, to strive to increase the security of the methods that users prefer, like the implementation of more secure fingerprint readers.
Although the other tested methods were assessed as less practical (especially those based on the ownership of an additional piece of hardware, like the token and the reader), their evaluation was still overall positive

This technical report may be of interest to security experts, IT security managers, UX experts, and researchers in the field of usable security. The report can help them understand user evaluation of the methods and the factors that influence it.