Multifactor Authentication's Impact on Productivity Still Unknown

Multifactor authentication is a well-known method for beefing up account security. The question is whether adding this step to validate a user’s credentials impacts workplace productivity to a point that it is disruptive to their workflow.

Richard Hay, Senior Content Producer

September 22, 2021

4 Min Read
multifactor authentication with laptop and phone
Getty Images

We’ve all been there – typing in our password, then having to dig for the phone and enter the string of digits texted to our account before we can log in to something. It’s not hard to think that multifactor authentication – because it adds an extra step in the process of accessing certain websites, products, or services – would automatically impact workplace productivity at some level.

There is a significant lack of hard data about just how much using multifactor authentication hinders productivity for end users. In our reporting, we found one usability study from a team at Brigham Young University that looked at five two-factor authentication methods and how testers adapted to setting up and using those various options for multifactor authentication. More on that report later.

At the most basic level though, because it requires an extra step after entering a username and password, using multifactor authentication does add a small amount of time to that process. However, the security tradeoffs may ultimately be a bigger workplace productivity saver.

A Quick Primer on Authentication Factors

Before we dive further into multifactor authentication, let’s review the key factors that can help with authenticating user access to data:

  • Knowledge: This is something known, such as a username plus a password or PIN.

  • Possession: This is something the user has in their possession, such as a smartphone or a security key. The user must have that device in their possession to receive a validation code, which is sent when the user uses the knowledge factors (username, password, or PIN). This validates that it was the user who entered that data to access the corresponding system.

  • Inherence: This factor uses something unique to the user to validate when users provide knowledge-based factors to accessing a site. Biometrics – which use fingerprint, facial, or voice recognition – are examples of this factor.

Some systems also use location and behavior factors to validate user access based on a specified location they are accessing the system from or through a behavior such as drawing a pattern on a lock screen which has a grid of dots laid out.

Any attempt to gain illicit access to a product or service is hindered because of the additional factors used to protect the knowledge-based factors of a username and password.

What Is the Difference Between Multifactor Authentication and Two-Factor Authentication?

Often, these two terms are used interchangeably but there are differences between them that users should be aware of in order to correctly refer to what type of authentication method they are actually using and to prevent any confusion.

Two-Factor Authentication

This method of authentication begins with a knowledge-based element. Then a second factor of authentication is required to validate the user’s identity. In most cases this is the possession factor such as a smartphone to receive a random code for validation or using an app to generate these codes on the phone itself. This extra factor is set up on the product or service website, or system administrators enforce the use of additional authentication factors via tenant policies and settings.

Multi-Factor Authentication

In this scenario an inherence factor is added to the authentication process – this factor is defined as “something you are,” like your fingerprint or face. For example, in order to approve access to a system using an authenticator app which is validating the use of knowledge-based factors, a biometric element like a fingerprint is used to grant final permission for system access or to access the generated code.

Any smartphone that has biometrics included on the device can use the inherence factor as an option to add the extra level of security to the authentication process. Many security keys in the market today have incorporated fingerprint readers to add this inherence factor to that process as well by default.

So, while two-factor authentication does use multiple factors (knowledge and possession), it is not multifactor authentication. That requires the addition of an inherence factor or additional factor such as location or behavior if used by a product or service.

Is There Any Productivity Hit When Using Multifactor Authentication?

Back to that study mentioned a few paragraphs back – a team at Brigham Young University studied five multifactor authentication methods and how users adapted to them. This study tracked the user experience in setting up the authentication method and accessing a test banking site daily. The researchers observed 72 users in total over a two-week period.

To summarize the findings – nearly 30% of the participants indicated the additional security was worth the extra time in the login process, while 13% stated that they would not be willing to use an additional step of authentication because the inconvenience was too high. While these stats are limited to one use case scenario, they do illustrate that more end users think the measures meant to thwart malicious actors are worth the bother.

About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like