
Volume 12, Issue 6 (June 2025), Pages: 1-12
----------------------------------------------
Original Research Paper
Usability and security in online authentication systems
Author(s):
Randa Allafi, Abdulbasit A. Darem *
Affiliation(s):
Department of Computer Science, College of Science, Northern Border University, Arar, Saudi Arabia
* Corresponding Author.
Corresponding author's ORCID profile: https://orcid.org/0000-0002-5650-1838
Digital Object Identifier (DOI)
https://doi.org/10.21833/ijaas.2025.06.001
Abstract
This study examines the balance between usability and security in electronic online services by comparing the effectiveness and user experience of different authentication methods, including password-only authentication, multi-factor authentication (MFA), and biometric authentication. A mixed-methods approach was used to collect both quantitative and qualitative data through usability tests, surveys, semi-structured interviews, and case studies. The findings reveal a clear trade-off between usability and security. While MFA offers stronger protection, it poses usability challenges, especially for novice users who face more errors and take longer to complete tasks. In contrast, password-only authentication was faster and easier, but was seen as inadequate for protecting sensitive data. Biometric authentication emerged as the most preferred option, receiving high satisfaction ratings from both novice and experienced users due to its balance between ease of use and security. These results emphasize the importance of designing user-centered security solutions, such as increasing the adoption of biometric methods and simplifying MFA to enhance the user experience without sacrificing security. The study offers practical recommendations for developers and security professionals to create more accessible and secure online services.
© 2025 The Authors. Published by IASE.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Keywords
Usability, Security, Multi-factor authentication, Biometric authentication, User experience
Article history
Received 25 September 2024, Received in revised form 28 March 2025, Accepted 20 May 2025
Acknowledgment
The authors gratefully acknowledge the approval and the support of this research study by grant no. SCIA-2023-12-2361 from the Deanship of Scientific Research at Northern Border University, Arar, K.S.A.
Compliance with ethical standards
Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Citation:
Allafi R and Darem AA (2025). Usability and security in online authentication systems. International Journal of Advanced and Applied Sciences, 12(6): 1-12