Non-inclusive online security: Older Adults' experience with two-factor authentication

Abstract

Older adults access critical resources online, including bank, retirement, and health insurance accounts. Thus, it is necessary to protect their accounts so they can confidently use these services that are increasingly being moved online. Two-factor authentication (2FA) protects online assets through efficient and robust authentication, but adoption and usability remain a challenge. Our in-depth qualitative research focuses on ten older adults' (= 60 years) sustained (non)usage of 2FA for thirty days. Participants' limited adoption of the security keys stemmed from keys' non-inclusive design, lack of tangible benefits, inconsistent instructions, and device dependencies. We propose appropriate assistance, risk communication, registration process changes, and alignment of security-focused requirements to encourage 2FA adoption among older adults and institutions entrusted with their data. We also introduce the concept of 'Security Caregivers,' who can ensure security and digital independence for the aging population.