Most of us engage with Multi Factor Authentication on a fairly regular basis. Whether it be for work or play, MFA adoption amongst tech platforms has accelerated swiftly in recent years. This is because it is designed to provide an additional layer of security to username / password authentication. But are there instances of MFA which are damaging the user experience?

What is MFA?

It is essentially a security mechanism that requires users of a system or app to provide two or more different forms of identification before they gain access. As aforementioned, MFA provides more security than username and password combinations. Those can be vulnerable to hacking and data breaches, whereas MFA’s requirement of more information makes it much more difficult for potential cyber-criminals to take advantage.

MFA typically requires users to provide at least two of the following factors:

  • Something the user knows, such as a password or PIN
  • An item that the user has, such as a smart card or security token
  • A biometric identifier for the user (i.e., fingerprint or facial recognition)

MFA can help to prevent identity theft, phishing attacks and other types of cyber-crime. Think about your own interactions with MFA; perhaps when banking online, or when logging into a platform for work such as Microsoft Teams. Do you feel as though your information is better protected? If so, does that give you more confidence in the platforms using it? Would you then be more inclined to use other platforms featuring MFA?

On the other hand, consider your experiences as a user when navigating through MFA-inspired ‘journeys’. Have they been smooth? Or have you found them to be clunky? A lot of the time the answer here will depend upon how the MFA has been set up. It could be that you are asked to submit a code received via a text message. Or, you may need to access an authentication app to retrieve a code (for example).

Security vs UX

Here we are essentially talking about security versus UX. The former is vitally important and as cyber-criminal activity continues to grow, its importance will grow with it. The user experience is also a crucial element with any service or product; deliver a poor one and your users will typically drop off. Which is more important to you? This writer feels like saying ‘UX’, as many people might when setting up a new smartphone*. But of course, security is the most crucial element in this discussion.

*Why do some apps insist on sending a text long after the code window has expired?!

MFA: A necessary yet imperfect solution

Having robust, unique passwords is a good way to deter and often halt the progress of cyber-criminals. Unfortunately though, even the most complex passwords can be cracked. Therefore, MFA’s additional security layers have made it a great option for organisations of all sizes. They can use it to protect the services they offer and the information and money that users are divulging to them. This protection comes with relatively little pain too, because most of us nowadays are used to interacting with multiple devices. MFA is definitely not perfect though! Whilst Multi Factor Authentication does improve security, it does also often make for a frustrating experience. Have you ever been asked to input a code from a text message, only to then not receive said text message?

In conclusion

Multi Factor Authentication – you can’t live with it, you can’t live without it. Well, perhaps that is a bit much (!), but the pros and cons are quite clear – for this writer at least. Yes, there is a definite improvement in security. However, many instances of MFA are far too clunky – smooth these out and then we’ll be talking. On a more serious note, we do encourage the use of robust passwords, passphrases and – where possible – MFA. UX is very important but security trumps it every time. Contact us to find out more, or read the NCSC’s guidance on implementing MFA.

What do you think? If you have any examples of MFA in action – good or bad – then we would love to hear from you!