Multifactor Authentication is a Growing Trend
In addition to being a product director for identity and authentication at Syniverse, I’m also a dad of four. So, naturally, I want to optimize my life toward spending more time with my kids, not just ‘managing’ them. But this month, these two primary roles in my life collided, and it got me thinking about multifactor authentication (MFA) in a very broad sense.
For some background, we pay for our kids’ school meals online, which works pretty smoothly. I get notified that their balance is running low, and I quickly go online to add funds. Simple right?
However ParentPay, the payment facilitator, is now introducing multi-factor authentication, which I will need to use every time I log in to check the balance or add funds. And this means additional steps, and likely more of my time. But it is an important step for everyone involved.
That’s why I believe that the trend of MFA becoming staple everywhere on the internet is important and positive. Instead of just banks and businesses requiring MFA, typically a SMS one-time password code, we see social networks, travel, gaming, gambling, healthcare, MVNOs and more, all requiring MFA during login now. This makes it safer for everyone, and it really shouldn’t make it more difficult. As a result, it’s no surprise that the identity market is forecast to grow over 17% each year up to 2030.
Why is MFA a Growing Trend?
In one word – Security. In fact, MFA massively reduces the risk of unauthorized access – preventing up to 99.9% of automated attacks and reducing phishing by 75%.
Now, I love security, but my two areas of experience and expertise, identity and authentication, means I am worried. Because, badly executed, MFA can degrade customer experience and satisfaction and have a major negative impact on a business.
Why MFA Works
First off, the whole basis of the current username & password approach used on the internet is broken, and decreasingly effective. How many times, for example, have you faced this frustrating experience?
Added to this, data breaches now happen on such a scale, that your passwords are likely to be already circulating on the dark web. Check out https://haveibeenpwned.com/Passwords to see how you are affected. There’s a high likelihood that your passwords have been compromised already. This further proves why knowledge-based authentication on its own is insufficient now.
Additionally, social engineering means that knowledge-based authentication is scarily easy to break. See Rachel Tobac, the social hacker in action to see how easy it is. Unfortunately, even password managers cannot solve these problems either, as made clear by LastPass’s recent issues.
Why MFA is Challenging
Building good MFA is hard as it can often take away from the user experience. My professional experience is that typical problems include:
- Usability and Reliability – This Twitter user captions the frustrations many of us have faced with MFA.
- Security – While MFA is much more secure than a password only, it’s widespread use means that people make mistakes and can get tired of it. Check out this article on MFA fatigue, where it describes the story of an attacker repeatedly using login credentials to trigger MFA notifications, which the user finally, erroneously or out of sheer fatigue, accepted, allowing the attacker in.
Even if you avoid all these pitfalls, there is still a business cost often associated with the implementation of MFA, including:
- 25% drop in conversion;
- 10-20 seconds added to login processes; and,
- 100% increase in customer care costs.
So, What Can You Do?
As a busy Dad of 4, I don’t want all this extra friction. This is why I hope all new implementations of MFA will rely on professionals like us, at Syniverse, who have honed our skills and talents of successfully implementing MFA, reducing the friction to a minimum, while still providing reliable security and trust.
While SMS OTPs are still the essential foundation for all MFA solutions, due to reach and familiarity with end users, the following are also essential for a seamless implementation and user experience:
- Rock solid API platforms providing carrier grade reliability;
- simple integration with expert support;
- identity data and intelligence to both identify low risk customers and prevent fraud; and,
- support for the emerging low friction authentication methods such as frictionless and passkey authentication.
At Syniverse we provide all the above as part of our proven mobile identity and customer engagement platform, incorporating years of experience working with some of the world’s leading banks. In fact, our implementations and services are used by global giants and millions of customers around the world, every day.
We would love to help make the internet a safer place while making everyone’s life easier, by helping you to seamlessly implement MFA and a host of other customer engagement services and features. Why not speak to our experts today and take an important step in positively transforming your customer experience, and the security of your customers’ accounts and data from attack!
With a wealth of experience and expertise in product development, technical acumen, management proficiency and more under his belt for the last three decades, Mike Bradford stands out as the go-to Product Leader. A great asset to large blue-chip companies just as much as small start-ups alike, he has established himself as an expert at creating successful products from scratch or salvaging struggling ones! He offers clarity on vision & strategy to teams while introducing processes for discovery, product mgmt., agile techniques – all towards achieving common goals: crafting winning products or breathing new life into existing ones.