Accessible Two Factor Authentication

Orde Saunders' avatarPublished: by Orde Saunders

A common solution to identity verification for online financial servicing is two factor authentication (2FA) using a dedicated device. The majority of these devices are designed in such a way that makes them hard to use by people who have visual or motor impairments. M&S Bank provide, on request, an alternative that is an excellent example of how to design an accessible 2FA device.

The standard device is approximately the size of half a credit card which makes it easy to transport and store. However, the small size means it is hard for people with visual impairment to read the instructions and results which are shown for a relatively short time on the very small display at the top of the device. The small size of the buttons, their low profile and their proximity to each other also make it hard for those with motor impairment to provide input.

M&S Bank 2FA comparison

The accessible alternative device is significantly larger with correspondingly larger display and buttons. The buttons are made of firm rubber that stand proud of the device and provide obvious tactile feedback when depressed. In addition to the large and clear screen the device also features full audio support via a speaker on the rear of the device and, to provide security in a public place, it features a 3.5mm headphone socket.

M&S Bank 2FA audio options

When the device is turned on by holding the power button on the bottom right corner of the device there is an audio prompt that informs the user that the device is now turned on and asks them to enter their device security code. As well as the strong tactile feedback there is audio feedback for each key press.

The device is used to provide six digit numeric verification codes when prompted and these codes must be entered into the online servicing system. On the standard device with the small screen these codes are hard to read and, for security reasons, have a timeout after which the code is cleared. Switching contexts between this device and the browser and the keyboard (or other input device) can be problematic and completing the task before the timeout is challenging. With the accessible device and its audio output it is possible to focus the desired input field and enter the numbers as they are read out. Equally importantly, the voice synthesis used has an even tone and speaks clearly at an steady and measured pace which makes it easy to enter the numbers.

M&S Bank 2FA output

If there is one criticism of the accessible device, it is that the response codes are presented with a space between two groups of numbers. This space should not be entered into the online servicing system and is not read out but is sufficiently large that for someone with a limited field of vision they can lose context when reading.

Conclusion

One minor drawback aside, the accessible 2FA device provided by M&S bank is an excellent example of how to produce hardware that has practical solutions to real problems faced by some users and should serve as an example to other providers that, when done right, accessibility doesn't have to be difficult and can even be used as a selling point for your services.