Multifactor authentication (MFA) is a credential verification method that requires users to present two or more authentication mechanisms to gain access to an IT resource. In essence, besides entering a password, users log in with a fingerprint, a USB token, a push notification on their device, or another factor. Because this adds a layer of friction, end-user experience is critical to consider when enforcing multiple authentication methods.
My personal experience with MFA has been terrible. Onboarding can be challenging, and setup instructions aren't always clear. On one occasion, the passwords generated by the OTP app did not work. I couldn't log in offline, and I did not know I had to download the 'secure' apps from the phone's work profile Play Store rather than the standard profile Play Store. Same for consumer products. New phone number? Sorry, no more PayPal.
Getting the short end of the MFA stick put me in a prime position to research this space. I'm pleasantly surprised that across all 24 vendors we will feature in GigaOm's Radar on MFA, this sort of experience is long gone. Moreover, even if MFA is not as hot as Edge, XDR, or Generative AI, it's full of cool developments that immediately translate into better user experience and significantly better security posture.