Prove Identity’s 2023 State of MFA Report Reveals Consumer Attitudes Towards Multi-Factor Authentication

With the increasing usage of digital services and the creation of online accounts at an accelerated rate, the prevalence of multi-factor authentication (MFA) has grown as a means of securing transactions. However, consumer perceptions of MFA are evolving as it becomes more common and as more convenient and secure identity authentication options become available. To gain a better understanding of the people’s perspectives on MFA, Prove sampled 1,000 US adults in a series of surveys, and revealed the results in a report announced today at the 2023 RSA Conference in San Francisco. 

‍

See the full Prove 2023 State of MFA report here.

‍

Key Findings from Prove’s 2023 State of MFA Report:

1. Consumers desire more streamlined authentication options

33% of consumers said they do not enable MFA because they find it to be an annoying process and 58% of consumers believe that companies should deprecate passwords altogether and use more secure technology such as mobile-based authentication.

2. MFA adoption rates vary significantly by service/industry

When given an option…

• 73% of consumers do not enable MFA for cryptocurrency accounts
• 70% of consumers do not enable MFA when using social media

However, MFA is more popular among consumers for other online services, including:

• 60% of consumers enable MFA for online banking
• 61% of consumers enable MFA for online healthcare portals and apps

For more adoption rates by industry, see the full report here.

3. MFA in the workplace continues to lag

Only 21% of consumers use MFA more on work accounts than they do on personal accounts.

4. Consumers recognize the importance of strong identity authentication processes. 

The majority of those surveyed (53%) said they would switch financial institutions based on the strength of their identity authentication processes.

5. Consumers don’t want to pay for MFA

87% of consumers feel that MFA should be free, supporting that all consumer-facing businesses should take responsibility for prioritizing and investing in the protection of their customers.

For the full insights from the survey, read the report here.

‍

What is Multi-Factor Authentication?

‍

Multi-factor authentication is a method of authenticating user identities to secure customer accounts that requires two or more forms of evidence, or credentials, to be presented during the login process. This additional layer of security is recommended by the National Institute of Standards and Technology (“NIST”) to help protect against unauthorized access to accounts. MFA requires two out of the following three types or classifications, also referred to as “factors of authentication,” in order to securely authenticate:

• Something you know, such as a password or PIN
• Something you have, or possess, such as a badge or smartphone
• Things you are, such as a biometrics (fingerprints or face recognition)

For a deeper dive into what multi-factor authentication is and some of the new innovations in the space, read our Multi-Factor Authentication explainer here.

‍

What are some examples of Multi-Factor Authentication?

Some examples of employing 2 factors of authentication to achieve MFA include:

• Entering a one-time SMS text passcode sent after entering your username and password for your bank account
• Doing a face scan after entering your username and password for your brokerage account

‍

What are the challenges associated with multi-factor authentication?

‍

Two of the major challenges associated with traditional MFA offerings, such as email or SMS OTPs, are:

• Friction & Frustration: In many cases, MFA implementations can result in a more complex and time-consuming login process, which can create frustration for users who have limited time and attention in today's fast-paced world. 
• Security Vulnerabilities: Unfortunately, many MFA processes have known security vulnerabilities that fraudsters exploit regularly. One well-known example is SIM swap attacks or account takeovers that are often conducted by intercepting OTPs in order to easily take over a victim’s accounts.

‍

How can businesses overcome these MFA challenges? 

‍

Leading companies across industries such as banking, fintech, cryptocurrency, retail, healthcare, gaming, and insurance are adopting next-generation multi-factor authentication solutions such as Prove Auth that not only make identity authentication flows more secure, but also streamline the customer experience.

‍

Prove Auth utilizes the cryptographic key (SIM card) present in a mobile device to perform an identity authentication check that doesn’t add friction to the user flow. This is achieved through a "possession check," which necessitates that the user has physical possession of their mobile device. As a result, fraudsters are unable to pass this check without having access to a consumer's device, which is an impractical and time-consuming endeavor.

‍

What makes Prove Auth unique is that it capitalizes on the fact that most adults already possess and frequently use their mobile phones, resulting in no learning curve for customers. Unlike OTPs, Prove Auth operates in the background, minimizing the inconvenience and frustration of passwords and OTPs.

‍

Prove’s services allow companies and consumers to develop a high level of trust in the use of the phone number as an authenticator for a particular transaction. Prove Auth allows the device itself to inherit that trust by establishing a bind or key between the device and a given identity. After the initial bind,  the key can then be used in place of traditional, phone number- based authenticators for the user to prove possession.

‍

To learn more about Prove Auth and how you can gain a competitive advantage by streamlining the consumer authentication experience while also preventing fraud, request more info or speak with an expert here.

‍