Beyond passwords: A review of the hidden risks in two-factor authentication

Research output: Contribution to journal, Review article, peer-review

Abstract

Purpose – This paper aims to investigate the hidden risks that result from implementing two-factor authentication, a widely adopted technique for enhancing information security. Two-factor authentication systems can provide an effective solution to mitigate the risks associated with single-factor authentication. However, it should be noted that the introduction of a second authentication factor must be carefully evaluated to ensure it does not introduce hidden risks to the system.

Design/methodology/approach – The authors undertake a systematic literature review to evaluate and synthesize existing empirical findings on two-factor authentication. Specifically, to enhance the effectiveness of two-factor authentication systems, this study synthesized the two-factor authentication literature to identify potential security risks that the second authentication factor may introduce to the system.

Findings – The review of 52 relevant papers reveals that using additional authentication factors beyond passwords may result in high computing power and operational complexity, high operating costs, low reliability and trust and adoption issues, as well as other unanticipated risks.

Originality/value – The authors highlight the hidden risks associated with implementing two-factor authentication. They also highlight several inadequacies in the current literature, including the requirement for consistent evaluation methods, a more extensive range of research on various types of two-factor authentications and the use of behavioral techniques to explore how individuals and organizations adopt two-factor authentication. Furthermore, the authors offer researchers and practitioners targeted guidance on designing and implementing various two-factor authentication systems.

Original language: English
Journal: Journal of Systems and Information Technology
State: Accepted/In press - 2025

Keywords

  • 2FA
  • Cybersecurity
  • Information security
  • Passwords
  • Risk management
  • Systematic literature review
  • Two-factor authentication
