The Security Paradox: How to Protect Users Without Ticking Them Off

Login processes can make or break a user experience. Excessive reliance on multi-factor authentication (MFA) often deters users from returning to a site.

You may have experienced the frustration: you complete MFA to sign in, navigate to view your billing statement, and get presented with MFA again — even though you’re still on the same platform. According to a 2021 PingIdentity survey:

  • 56% of global consumers — and 61% of U.S. consumers — would stop using an online service if the login process became too frustrating
  • 65% of U.S. consumers would switch to a competitor offering easier authentication

Businesses aren’t immune. When multiplied across daily logins for hundreds or thousands of employees, “minor” MFA friction results in significant productivity losses and increased help desk costs — with minimal impact on reducing security risk.

MFA Exhaustion Is Real

OTPs, mobile notifications, captchas, and security questions introduce friction that annoys users and damages the experience going forward. Delays in receiving codes, forgotten security question answers, or needing to fetch a mobile device can derail the login process entirely.

But abandoning MFA isn’t the answer either. Relying solely on passwords exposes accounts to takeover, financial loss, and reputational damage.

The Solution: Risk-Based Authentication

The key insight: more isn’t always better. Sometimes better is just better.

Risk-based authentication applies friction only when it’s necessary. By detecting when a user’s login credentials have been compromised elsewhere — signaling elevated risk — you can justify additional security measures (OTPs, security questions, other MFA) only in those instances.

How it works:

  • Behind-the-Scenes Protection: Credential screening operates invisibly, allowing most users to log in without interruption
  • Real-Time Risk Detection: 15 million new compromised credentials are added daily, keeping protection current
  • Beyond Login Events: Compromised credentials can also be flagged during account creation or password changes, proactively mitigating risks before they become problems

By tailoring authentication requirements to the risk level, low-risk users enjoy a frictionless experience while high-risk scenarios are met with appropriate security measures. This balanced approach safeguards sensitive information, improves user satisfaction, and reduces churn.
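As an added illustration (not code from the original post or from myNetWatchman's product), the following Python sketch shows how the three screening points above can gate step-up authentication. A constructed set of credential fingerprints stands in for the continuously updated feed, the `range_query` helper simulates a k-anonymity prefix lookup so the full hash never leaves the application, and rejecting a compromised password at signup or password change is an assumed policy choice.

```python
import hashlib

PREFIX_LEN = 5  # characters of the fingerprint sent to the screening service


def fingerprint(username: str, password: str) -> str:
    """SHA-256 over the normalized username:password pair (assumed scheme)."""
    return hashlib.sha256(f"{username.lower()}:{password}".encode()).hexdigest()


# Constructed sample of compromised credential pairs; in production this would
# be the daily-updated breach feed the post describes.
COMPROMISED_FINGERPRINTS = {
    fingerprint("alice@example.com", "Summer2021!"),
    fingerprint("bob@example.com", "hunter2"),
    fingerprint("carol@example.com", "P@ssw0rd"),
}


def range_query(prefix: str) -> set[str]:
    """Simulated k-anonymity range API: return every stored suffix whose
    fingerprint starts with `prefix`; the caller matches the rest locally."""
    return {fp[PREFIX_LEN:] for fp in COMPROMISED_FINGERPRINTS if fp.startswith(prefix)}


def is_compromised(username: str, password: str) -> bool:
    fp = fingerprint(username, password)
    return fp[PREFIX_LEN:] in range_query(fp[:PREFIX_LEN])


def decide(event: str, username: str, password: str) -> str:
    """Risk-based decision for the three events named in the post.
    Returns 'allow', 'step_up' or 'reject_password'."""
    compromised = is_compromised(username, password)
    if event == "login":
        # Low-risk users pass without interruption; a known-compromised
        # pair is the elevated-risk signal that justifies MFA.
        return "step_up" if compromised else "allow"
    if event in ("signup", "password_change"):
        # Flag the pair before it is ever set (assumed policy: reject it).
        return "reject_password" if compromised else "allow"
    raise ValueError(f"unknown event: {event}")
```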

In the battle of security versus user experience, the winner doesn’t have to be one or the other — it can be both.

Special Report

The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.
