Organizational Security: Implementing a Risk-Reduction-Based Incentivization Model for MFA Adoption

Multi-factor authentication (MFA) is a useful measure for strengthening authentication. Despite its security effectiveness, the adoption of MFA tools remains low. To create more human-centric authentication solutions, we designed and evaluated the efficacy of a risk-reduction-based incentivization model. We examined the real-life use of MFA and developed text-based and video-based risk communication strategies. We implemented our proposed model in a large-scale organization with more than 92; 025 employees, and we collected survey data from 287 participants and interviewed 41 participants. Our goal was to under- stand how MFA can protect corporate servers, employee accounts, and MFA user perceptions. We observed negative perceptions and degraded understandings of MFA technology due to the absence of proper risk and bene t communication in the control group. Meanwhile, the experimental group employees showed positive perceptions of MFA use for their work and personal accounts. Our analysis and implementation strategy are critical for reducing users' risks, creating positive security tool usage experiences, and motivating users to enhance their security practices.