Why Multifactor Authentication Should Be Everywhere, But Not a Nightmare!

Multifactor Authentication is a Growing Trend

In addition to being a product director for identity and authentication at Syniverse, I’m also a dad of four. So, naturally, I want to optimize my life toward spending more time with my kids, not just ‘managing’ them. But this month, these two primary roles in my life collided, and it got me thinking about multifactor authentication (MFA) in a very broad sense. 

For some background, we pay for our kids’ school meals online, which works pretty smoothly. I get notified that their balance is running low, and I quickly go online to add funds. Simple right?

However ParentPay, the payment facilitator, is now introducing multi-factor authentication, which I will need to use every time I log in to check the balance or add funds. And this means additional steps, and likely more of my time. But it is an important step for everyone involved. 

That’s why I believe that the trend of MFA becoming staple everywhere on the internet is important and positive. Instead of just banks and  businesses requiring MFA, typically a SMS one-time password code, we see social networks, travel, gaming, gambling, healthcare, MVNOs and more, all requiring MFA during login now. This makes it safer for everyone, and it really shouldn’t make it more difficult. As a result, it’s no surprise that the identity market is forecast to grow over 17% each year up to 2030.

Why is MFA a Growing Trend? 

In one word – Security. In fact, MFA massively reduces the risk of unauthorized access – preventing up to 99.9% of automated attacks and reducing phishing by 75%.

Now, I love security, but my two areas of experience and expertise, identity and authentication, means I am worried. Because, badly executed, MFA can degrade customer experience and satisfaction and have a major negative impact on a business. 

Why MFA Works

First off, the whole basis of the current username & password approach used on the internet is broken, and decreasingly effective. How many times, for example, have you faced this frustrating experience?

Added to this, data breaches now happen on such a scale, that your passwords are likely to be already circulating on the dark web. Check out https://haveibeenpwned.com/Passwords to see how you are affected. There’s a high likelihood that your passwords have been compromised already. This further proves why knowledge-based authentication on its own is insufficient now. 

Additionally, social engineering means that knowledge-based authentication is scarily easy to break. See Rachel Tobac, the social hacker in action to see how easy it is. Unfortunately, even password managers cannot solve these problems either, as made clear by LastPass’s recent issues. 

Why MFA is Challenging

Building good MFA is hard as it can often take away from the user experience. My professional experience is that typical problems include: 

• Usability and Reliability – This Twitter user captions the frustrations many of us have faced with MFA.

• Security – While MFA is much more secure than a password only, it’s   widespread use means that people make mistakes and can get tired of it. Check out this article on MFA fatigue, where it describes the story of an attacker repeatedly using login credentials to trigger MFA notifications, which the user finally, erroneously or out of sheer fatigue, accepted, allowing the attacker in. 

Even if you avoid all these pitfalls, there is still a business cost often associated with the implementation of MFA, including:

• 25% drop in conversion;
• 10-20 seconds added to login processes; and,
• 100% increase in customer care costs.

So, What Can You Do?

As a busy Dad of 4, I don’t want all this extra friction. This is why I hope all new implementations of MFA will rely on professionals like us, at Syniverse, who have honed our skills and talents of successfully implementing MFA, reducing the friction to a minimum, while still providing reliable security and trust.

While SMS OTPs are still the essential foundation for all MFA solutions, due to reach and familiarity with end users, the following are also essential for a seamless implementation and user experience:

• Rock solid API platforms providing carrier grade reliability;
• simple integration with expert support;
• identity data and intelligence to both identify low risk customers and prevent fraud; and, 
• support for the emerging low friction authentication methods such as frictionless and passkey authentication.

At Syniverse we provide all the above as part of our proven mobile identity and customer engagement platform, incorporating years of experience working with  some of the world’s leading banks. In fact, our implementations and services are used by global giants and millions of customers around the world, every day. 

We would love to help make the internet a safer place while making everyone’s life easier, by helping you to seamlessly implement MFA and a host of other customer engagement services and features. Why not speak to our experts today and take an important step in positively transforming your customer experience, and the security of your customers’ accounts and data from attack!