"why would Someone Hack Me out of Thousands of Students": Video Presenter's Impact on Motivating Users to Adopt 2FA

Abstract

The voluntary adoption rate of two-factor authentication (2FA) remains low. This paper investigates whether video-based risk communication messages about Duo 2FA impacts voluntary 2FA adoption rate when delivered by a human speaker versus a cartoon speaker. We conducted an online two-phased survey-based study with 435 university students comprised of those who have not enabled Duo 2FA (non-adopters) on their university account as well as those who had previously enabled Duo 2FA (adopters). Participants in the non-adopters group (139) were assigned to one of the three groups: Threat-R (human speaker video), Threat-A (cartoon speaker video), and Control (no video). We found that 31% of participants enabled Duo 2FA through the human speaker video message compared to 7% with the cartoon speaker video message. However, there was no significant difference between the treatment and control groups (17% of participants enabled Duo 2FA in the Control group). Nevertheless, the treatment group participants showed their intention to activate Duo 2FA on their university account in the future. Those who enabled Duo 2FA rated Duo's usability as good. Moreover, enabling Duo 2FA on university accounts led some participants to enable 2FA on other online accounts. Our findings suggest that risk communication through videos that have a human speaker could increase users' willingness to adopt security features.