Enabling End Users with MFA Onboarding: Our Approach
What is Multi-Factor Authentication (MFA)?
MFA is part of a broad family of Identity and Access Management tools that provide organizations with increased security measures to prevent breaches and other security threats. MFA couples your user password with a second step to verify your user identity when you log into your device. MFA is often described as combining something you know (your password) with something you have (your cell phone, wearable, security token, etc.).
MFA is everywhere today – and you probably use it without even knowing it. Think: every time you use your device to log into your bank or into a shopping site on which you have an account, you are prompted to enter a code that is sent to you via text, email, or a phone call. That is MFA! You may be thinking, “if I haven’t shared my password, why do I have to enter a code too?”. The simple answer is: others may also know your password.
A friend recently shared with me that her Venmo account was wiped out because someone hacked her password when she did not have second-factor authentication set up. Had she set up MFA, her password may still have been hacked, but the secondary authentication code would have been sent to her smart device -- something that she had but the hackers did not!
Adopting MFA in Your Organization
Your organization is likely considering rolling out MFA to safeguard against these types of security breaches—and with good reason. With ransomware and other cyber threats on the rise, new regulations are requiring companies to implement MFA as a secondary line of defense against these cyber threats. When your organization inevitably rolls out MFA, you'll be prompted to provide a second verification of your identity when you enter your password. This extra step is simple and keeps your data—and your company's data—safeguarded from external threats.
As mentioned earlier, we all use MFA as part of our daily lives. But despite general familiarity with MFA, at Burwood, we’ve seen many organizations struggle with implementing MFA and driving adoption of the technology. What makes it so difficult? Some of the approaches that drive success when implementing MFA include:
1. Take a Use Case-driven Approach
Users may work in restricted areas that forbid the use of cell phones or work in the field with spotty Wi-Fi/cell coverage. Business needs and specific use cases must be considered to ensure the MFA solution appropriately meets your goals.
2. Create an Awareness Campaign
There is often a lack of awareness that MFA is being implemented. Communication with the organization occurs immediately before the event, giving users little time to think about how the change impacts them, and can include technical jargon that can be intimidating and frustrating. Awareness campaigns can set end users up for success , with advanced notice and a simplified, easy-to-understand message.
3. Focus on End User Enablement
Enabling MFA is not always a straightforward, intuitive process. Providing necessary guidance and support for end users alleviates potential procrastination and frustration and ensures a more successful rollout.
MFA Onboarding Approaches We’re Seeing
Not all end user enablement efforts are the same! Many vendor partners have support documentation available online in the form of Quick Reference Guides (QRGs). These QRGs are generally focused on one particular use case and rarely meet individual needs. Most of the time, these “quick” guides are multi-paged, step-by-step instructions with minimal troubleshooting assistance. Customized QRGs are very helpful, but often procrastinators get stuck in a situation where their instructions are in their Inbox, and once MFA is enabled, they can’t access them!
User enablement via video is another common approach to ensure end users have the necessary guidance to enroll in MFA. This is a useful strategy for tech savvy, self-reliant users who can access the video on their own time to complete the necessary enrollment. However, for users who are less comfortable with technology, toggling between PCs, phones, wearables, and the instructional video is an onerous process. Furthermore, using video as the primary enablement tool requires users to seek out additional support for atypical use cases or issue resolution. Video is also much more difficult to adjust to changes in the process or software updates.
Another common strategy we have seen for end-user enablement for MFA is to provide instructor-led training sessions to discuss the benefits of MFA and the necessary steps for onboarding devices. This is a good approach, as it helps users understand why MFA is so important and provides them with guidance to successfully set up and enroll in MFA tools. The challenge with this approach is that users typically walk away from training sessions armed with their recently learned information, but they still have the remaining task of setting up MFA on their devices.
Our Recommended Approach
he most successful approach we have seen combines some of the strategies described above; Quick Reference Guides and video sessions with onboarding workshops where the objective of the workshop is for users to walk out of the session with MFA enabled. These workshops can be tailored to address specific use cases, discuss MFA benefits, and review organizational security topics.
In these workshops, attendees are asked to bring their devices to the sessions (remote or in person) and are guided step-by-step through the enrollment process. Users experiencing technical difficulties are asked to remain after the session for on-the-spot troubleshooting support. Facilitators for these workshops should be carefully selected to ensure they are able to connect with end users and speak in non-technical terms. Results from a recent post-onboarding workshop survey found that over 90% of attendees found the workshop useful and were able to successfully enroll in MFA.
At Burwood, our Adoption and Training team is dedicated to encouraging end-user technology adoption to drive the long-term success of your organization. To learn more about our MFA Onboarding solution, we invite you to contact us.