Incentives and Multifactor Authentication

It’s well known that adoption rates for multi-factor authentication are poor. For example, “Over 90 percent of Gmail users still don’t use two-factor authentication.”

Someone was mentioning to me that there are bonuses in games. You get access to special rooms in Star Wars Old Republic. There’s a special emote in Fortnite. (Above)

How well do these incentives work? Are there numbers out there?

2 Replies to “Incentives and Multifactor Authentication”

  1. When I was at CMU we did a study where we measured the effect of password meters on password security. Our initial hypothesis was that showing a password security measurement incentivized people to create better passwords. Study here:

    https://www.blaseur.com/papers/sec12_pwmeters_paper.pdf

    Initially we found a statistically significant positive result for “fun” meters (a dancing picture of Bugs Bunny that got faster as the password got better). This didn’t hold up, but we did find that meters nudge people to make better passwords.

    Personally, I like feedback and I think other people do as well. However, most feedback on account security is hidden or sucks.

  2. My company made this mandatory about 3 years ago and I helped translate the user guide from tech speak to more user-friendly language.
    We did not offer incentives (although I think that’s a fun idea); we simply blocked remote access after the deadline. If a remote user didn’t comply by a certain date, they would have to call tech support and get it set up.
    We gave about two months for users to set up before deadline and offered online and in-person support to get set-up during that time. We also designated “super users” in each department (who weren’t IT) who were comfortable with the process and could help colleagues with set-up.
    I work remotely 50% of the time and the two-factor auth process is now second nature to me.

Navigation