This study addresses the lack of recent empirical evidence on core usability metrics—such as task completion time and System Usability Scale (SUS) scores—for the widely deployed Duo two-factor authentication system in real-world user settings. Conducted during the 2024–2025 academic year at the University of California, Irvine, this large-scale longitudinal investigation analyzed authentication logs from 2,559 users alongside survey responses from a randomly selected subset of 57 participants. It presents the first systematic measurement of real-world Duo Push performance—including authentication duration, failure rates, and SUS scores—in the context of widespread multi-factor authentication (MFA) adoption. Findings reveal a mean authentication time of 7.96 seconds, an SUS score of 70 (indicating good usability), a 4.35% session failure rate due to non-completion, and 43.86% of users reporting at least one failed attempt. While users generally perceived Duo as easy to use and enhancing security, they also found it mildly intrusive. The study further uncovers associations between perceived burden and user characteristics such as academic discipline, educational level, and temporal factors.

Multi-Factor Authentication (MFA) enhances login security by requiring multiple authentication factors. Its adoption has increased in response to more frequent and sophisticated attacks. Duo is widely used by organizations including Fortune 500 companies and major educational institutions, yet its usability has not been examined thoroughly or recently. Earlier studies focused on technical challenges during initial deployment but did not measure core usability metrics such as task completion time or System Usability Scale (SUS) scores. These results are also outdated, originating from a time when MFA was less familiar to typical users. We conducted a long-term, large-scale Duo usability study at the University of California Irvine during the 2024-2025 academic year, involving 2559 participants. Our analysis uses authentication log data and a survey of 57 randomly selected users. The average overhead of a Duo Push task is nearly 8 seconds, which participants described as short to moderate. Overhead varies with time of day, field of study, and education level. The rate of authentication failures due to incomplete Duo tasks is 4.35 percent, and 43.86 percent of survey respondents reported at least one Duo login failure. The Duo SUS score is 70, indicating good usability. Participants generally find Duo easy to use but somewhat annoying, while also reporting an increased sense of account security. They also described common issues and offered suggestions for improvement.