Why is Multi-factor authentication (MFA) not more widely used?


Recent studies have indicated that the vast majority of computer users do not use multi-factor authentication (MFA). But what exactly is it? How does it work? And why doesn’t everyone use it?

What is Multi-factor authentication?

MFA is a method of authentication where the user has to provide at least two verification factors in order to obtain access to an online account, secured files, application, or Virtual Private Network. MFA is a key part of a strong and effective access management protocol, and makes things harder for cybercriminals.

Why is MFA important?

MFA provides stronger protection for private information and is important in order to lock down your vulnerability to a cyberattack. This is because, whilst there are sophisticated brute force methods for hacking usernames and passwords they are ineffective against the extra layer of protection that MFA provides. Insisting on MFA will enhance your organisation’s all-round security.



MFA authentication

Most MFA authentication is based on providing one of the following types of additional information:
– Things that you know – such as the answer to a specific personal security question or a PIN number
– Things that you have – such as an access badge, software token, fob, or smartphone (or a one-use time-limited passcode sent to one of your devices)
– Things that you are – such as a biometric feature e.g. a fingerprint, retina or iris scan, or voice recognition.
Advances in technology mean that some MFA systems are now integrating AI and machine learning algorithms into their authentication processes. Approaches include location-based authentication, behavioural fingerprinting and adaptive risk-based authentication.


Recent research on non-administrator users of Microsoft 365 has revealed that less than 5% of them use multi-factor authentication. Even among administrators, only approximately one quarter are using MFA.
This is very concerning because Microsoft Office 365 accounts are very numerous and highly attractive to cybercriminals. Office 365 is potentially vulnerable to shrewd password guessing and to automated brute force attacks when only usernames and passwords are used. MFA would help prevent data thefts and malicious attacks: it has been estimated that MFA would prevent at least 95% of everyday data breaches.

The benefits of using MFA

– Improved security is obviously the main benefit of MFA. It provides an extra layer of protection and an extra barrier that attackers have to breach. The more layers there are, the harder it is for intruders to gain access to critical systems or sensitive information.
– Compliance is another key benefit of MFA. It will help your organisation meet statutory data privacy requirements and fulfil contractual obligations.
– Improved productivity. In some contexts, replacing the traditional burdens of password creation and recall can boost productivity by logging people in quicker, and improve the user experience thanks to the flexibility of the new types of factor identification.

Challenges and problems of MFA

– Usability is a common concern. MFA means that in addition to remembering a password (which not everyone finds easy) users also have to navigate an additional security procedure. These are becoming easier to use but in the past many people struggled to get systems to recognise their thumbprint, or to read their fob, badge or smartphone.
– Cost is often the most challenging aspect of MFA. Depending on the deployment, those extra costs can include training, maintenance, mobile app development, SMS services, hardware, software or extra mobile phone expenses.
– Complexity. Authentication may require unfamiliar procedures, extra drivers, new equipment or software – and all these things can be difficult to understand, creating issues for users and maintenance personnel.
Most of these problems are being overcome, so overall the security benefits of MFA are clear to see. Surely more organisations should be making it an integral and mandatory part of their IT security policies and procedures.

If your business hasn’t yet explored the full potential of MFA and how it can significantly increase identity security, then give Cloudworks a call. We are specialists in cloud technologies, cyber-security and support. In addition, we continuously monitor our clients IT cloud infrastructure to ensure they are secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.

Call Cloudworks on 0115 824 8244 or email info@cloudworks.co.uk