Abstract
The use of passwords for end-user authentication has been fraught with issues for decades, making passwordless authentication (PLA) systems a needed alternative for password-based authentication (PBA). PLA systems involve any methods that help identify a user without the use of a password - methods that are often rolled out with trade-offs in security, privacy, and convenience as means of innovation. Meanwhile, successful implementation of these systems is dependent on their acceptance, and data on the views of the users have not yet fully covered the wide range of approaches and contexts. The current study explored the perceptions of the users ranging from occasional information technology (IT) users to professional IT developers through a cross-sectional survey, assessing their views across different authentication methods (one-time passcode (OTP), fingerprint (FP), voice recognition (VR), personal identification number (PIN), finger swipe (FS), and authentication of choice (AoC)) in different contexts (low-risk account login and payment confirmation). One hundred seventy participants, aged 18-65 years and representing five different levels of IT experience contributed to the survey. The results shed light on the perceptions, concerns, and preferences of the users on PLA and PBA through quantitative and qualitative data, suggesting that in both use scenarios, OTP, fingerprint and PIN formed a cluster of favourites, followed by AoC; common reasons were convenience, usability, reliability and accuracy. However, knowledge gaps and misconceptions were present, highlighting the importance of carefully designed, adjusted, and targeted user information. Future research could extend the investigation to larger samples and more narrow-focused and refined survey items to further explore, for example, the finer differences between OTP, FP, and PIN, and on the other hand, VR and FS. The current findings are expected to benefit the industry involved in end-user authentication by providing empirical evidence on the views of corporate and end users on these authentication systems; by influencing the choice of use cases and methods deployed by software and system developers; and by enhancing the knowledge of professionals and industry experts specialising in user experience design and identity and access management.