Organizational Security: Implementing a Risk-Reduction-Based Incentivization Model for MFA Adoption
In Proceedings of the International Conference on Financial Cryptography and Data Security, March, 2021, Grenada (Virtual).
8 Pages. Posted: 19 Jan 2021
Date Written: January 18, 2021
Abstract
Multi-factor authentication (MFA) is a useful measure for strengthening authentication. Despite its security effectiveness, the adoption of MFA tools remains low. To create more human-centric authentication solutions, we designed and evaluated the efficacy of a risk-reduction-based incentivization model. We examined the real-life use of MFA and developed text-based and video-based risk communication strategies. We implemented our proposed model in a large-scale organization with more than 92,025 employees, and we collected survey data from 287 participants and interviewed 41 participants. Our goal was to understand how MFA can protect corporate servers, employee accounts, and MFA user perceptions. We observed negative perceptions and degraded understandings of MFA technology due to the absence of proper risk and benefit communication in the control group. Meanwhile, the experimental group employees showed positive perceptions of MFA use for their work and personal accounts. Our analysis and implementation strategy are critical for reducing users' risks, creating positive security tool usage experiences, and motivating users to enhance their security practices.
Keywords: Authentication, Multi-Factor Authentication, Risk Communication, User Studies, Organizational Security