Human factors errors in user authentication introduce critical security vulnerabilities, yet existing formal methods lack systematic modeling and automated analysis capabilities for human operational deviations. This paper proposes a security-protocol modeling paradigm grounded in *security ceremonies*, formally embedding human operational variation rules into ceremony models for the first time—enabling cross-role error propagation analysis. We extend the Tamarin prover toolchain (X-Men) to support automated verification and integrate an AI-powered virtual receptionist prototype for empirical evaluation. In a real-world AI reception kiosk deployment, our approach identified three classes of human-factor-induced authentication failure paths previously uncaptured by formal models. By bridging the gap between formal methods and human factors engineering in authentication security, the framework significantly enhances the robustness and verifiability of identity verification processes in human–machine collaborative settings.

User identification procedures, essential to the information security of systems, enable system-user interactions by exchanging data through communication links and interfaces to validate and confirm user authenticity. However, human errors can introduce vulnerabilities that may disrupt the intended identification workflow and thus impact system behavior. Therefore, ensuring the integrity of these procedures requires accounting for such erroneous behaviors. We follow a formal, human-centric approach to analyze user identification procedures by modeling them as security ceremonies and apply proven techniques for automatically analyzing such ceremonies. The approach relies on mutation rules to model potential human errors that deviate from expected interactions during the identification process, and is implemented as the X-Men tool, an extension of the Tamarin prover, which automatically generates models with human mutations and implements matching mutations to other ceremony participants for analysis. As a proof-of-concept, we consider a real-life pilot study involving an AI-driven, virtual receptionist kiosk for authenticating visitors.