{"id":52956,"date":"2023-10-19T10:32:43","date_gmt":"2023-10-19T14:32:43","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=52956"},"modified":"2023-10-23T13:57:06","modified_gmt":"2023-10-23T17:57:06","slug":"the-human-challenges-of-rolling-out-multi-factor-authentication-mfa","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/the-human-challenges-of-rolling-out-multi-factor-authentication-mfa","title":{"rendered":"5 Human Challenges of Rolling Out Multi-Factor Authentication (MFA)"},"content":{"rendered":"\n

October is Cybersecurity Awareness Month, and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is calling on all of us to \u201cSecure Our World,\u201d with a simple message that calls everyone to action \u201cto adopt ongoing cybersecurity habits and improved online safety behaviors.\u201d This month, the JumpCloud blog will focus on helping you empower everyone in your organization to do their part regarding cybersecurity. Tune in throughout the month for more cybersecurity content written specifically for IT professionals.<\/em><\/p>\n\n\n\n

While multi-factor authentication (MFA) isn\u2019t new to most users, user sentiment toward the tool varies widely. For those who have several personal accounts that require MFA, adding another for work is no big deal. Others may be less familiar or willing to adopt the technology, and tend to lag or run into friction when it comes to incorporating it into their work process.<\/p>\n\n\n\n

Because most organizations will likely have both MFA champions and hard resisters, sufficiently equipping users is critical to rollout success. In this article, we\u2019ll outline the user-side challenges many employees face when adopting MFA, how IT admins can rectify them. We\u2019ll use JumpCloud Protect<\/a>, a free MFA tool, as a case study for ensuring smooth rollout and adoption. <\/p>\n\n\n\n

MFA User Challenges and Barriers to Adoption<\/h2>\n\n\n\n

Understanding the common challenges surrounding MFA adoption is key to determining the right rollout strategies. Generally speaking, MFA may be difficult to deploy because of:<\/p>\n\n\n\n

1. Device incompatibility \u2014<\/strong> MFA often requires employees to use their personal devices. Clarify which OS and versions the MFA technology works on, and present alternatives for those on different systems.<\/p>\n\n\n\n

2. Setup problems \u2014<\/strong> Because people learn in different ways, your MFA setup instructions should be available in more than one format. For example, you could offer a guided simulation as well as written instructions.

Additionally, because users will be setting up the tool on different platforms, they\u2019ll need access to clear steps for their device type. Be sure to provide setup instructions that are unique to each OS.<\/p>\n\n\n\n

3. Lack of understanding of how to use the tool \u2014<\/strong> Perhaps one of the most common MFA challenges is usability. Not many MFA providers include end-user training, so many users are left to learn how to use the technology on their own. Additionally, with many users now working remotely, there\u2019s less of a peer support system and fewer opportunities for offering hands-on help during the adoption period. <\/p>\n\n\n\n

Because this is such a sticking point, don\u2019t overlook the value of vendor-offered user training when weighing different tool options. Having training available can significantly reduce adoption time, improve the user experience<\/a>, and reduce the security vulnerabilities created by tool misuse or avoidance.<\/p>\n\n\n\n

4. Lack of buy-in \u2014 <\/strong>If users don\u2019t understand the goal of a tool and why they should use it, they\u2019ll quickly find a way to avoid it or work around it, which creates significant vulnerabilities. Communicate your company\u2019s reasoning for why it\u2019s adopting the tool and how it secures both company data and employees\u2019 personal information. <\/p>\n\n\n\n

Note: <\/em>While the insecurity of the traditional password may be old news to IT admins, it may not be to the lay user. Try conveying the security benefits of MFA by first explaining the problems with the traditional password<\/a>. <\/p>\n\n\n\n

5. Poor user experience \u2014 <\/strong>As MFA adoption is already a sticking point, an MFA tool that delivers a poor user experience is unlikely to take hold. <\/p>\n\n\n\n

How to Address These Challenges<\/h2>\n\n\n\n

To ensure smooth rollout and adequately support their users, IT admins should make sure they enable users in three different stages: <\/p>\n\n\n\n