Stakeholder Perspectives on Biometrics-Based Multi-Factor Authentication for eIDAS Levels of Assurance: Insights on Usability, Security, and Privacy
Abstract
Adopting biometrics in an electronic identification (eID) means for online authentication, in addition to its currently popular use for personal device access control, seems a promising solution for achieving both security and convenience in day-to-day online logins. However, the varied ways of implementing biometrics in MFA may raise different concerns about inclusivity, usability, privacy, and regulatory compliance (e.g., the EU’s eIDAS Levels of Assurance Substantial and High). This study explores how stakeholders (users and experts) perceive biometrics-based Multi-Factor Authentication (MFA), focusing on accessibility, privacy, security, and trustworthiness. Eight key questions guided the work, addressing issues such as remote and mobile biometrics, the combination of factors in MFA, biometric data storage, and secret key management, in the context of eIDAS-related standards and guidelines (e.g., BSI TR-03166, ETSI TS 119 461). We surveyed 413 users (Norwegian and English) and interviewed 26 experts across six stakeholder groups: service providers, individual users, academia, eID and biometric technology providers, and authorities / consultants. Results show that most users prefer storing biometric data on a secure device over cloud services, and oppose shared biometric access (e.g., FaceID) on multi-user devices. Security and privacy were prioritized over convenience by almost two-thirds of the surveyed participants. Most of them favored MFA combinations adaptive to users’ needs. For compliance with LoA High, experts emphasized unique device-user pairing, limited shared access, and the need for multiple factors. They also warned of risks from AI-generated fakes and regulatory uncertainty. Overall, the findings confirmed tensions between usability, inclusivity, and privacy, highlighting the need for flexible, transparent, and accessible biometric MFA designs.
Future systems, including the EU Digital Identity Wallet, should ensure privacy-preserving biometrics that meet regulatory assurance levels while remaining usable for all, including elderly and disabled users.
Keywords: Biometrics, eIDAS, Multi-Factor Authentication, Usability, Privacy, Security, Stakeholder Perspectives
DOI: 10.54941/ahfe1006854


AHFE Open Access