Multi-factor authentication (MFA) is fast becoming a requirement for customer applications, but it can add friction to their experiences. Whether your customers see it as an unnecessary headache or as a welcome security protocol often depends on how it’s implemented. If you choose to require multi-factor authentication (MFA) every time a user logs in, it can be secure but inconvenient. If you offer the option for MFA but hide it deep in the settings menu of your applications, most of your users may never choose to turn it on and won’t gain the security benefits it offers.
So how can you determine when MFA should be required? The answer lies in striking the right balance between security and convenience with adaptive authentication.