PACIS 2019 Proceedings


Two-factor authentication uses any combination of an authentication modality or the combination of multiple features of different authentication modalities, and it has been argued for many years that it can protect against the pitfalls of the password and PIN only authentication system, however, there is no empirical evidence to support such argument. A systematic review of studies of two-factor authentication was conducted, and 38 studies from ABS/Inform and EBSCOhost were analyzed in detail. The review investigates what is currently known about the benefits and limitations of two-factor authentication and How additional authentication factors affect security risk in relation to security costs. We found no strong evidence to support the assumption that two-factor authentication has superior performance. We did, however, find strong evidence that it can bring many unexpected risks. For future research, we need to increase both the number, the quality of studies and the critical stance of research on two-factor authentication.