Cost and benefit analysis of authentication systems

This study investigates the key elements an online service or product provider needs to consider when adopting another single‐factor or two‐factor authentication system. We also uncover the conditions that make the new one‐factor or two‐factor authentication system more preferable. By using the probability of system failure, this study generalizes all possible combination of authentication systems into four different cases. This generalization allows us to compare different systems and to determine the key factors managers need to consider when adopting a new authentication system. The key factors are (1) additional implementation costs, (2) customer switching which is determined by the market share and customers' preferences, and (3) expected losses when the new system fails. This study also suggests that if the provider chooses an expensive new system, the provider needs to have a larger market share to justify the spending. Also, regulators can encourage the adoption of a more secure authentication system by changing the penalty a firm faces when the system fails. Finally, it could also be preferable to have both one‐factor and two‐factor authentication systems depending on the customers' characteristics.