An employee in the office opens his laptop. He wants to update his emails and prepare for the rest of the day, but even before he’s logged in, a new verification prompt appears. Later in the day, at home, the same thing happens. And during an appointment outside the office, he is again asked for extra verification.

The employee understands that security is necessary, but it feels like MFA constantly interrupts him. He’s not the only one. Many organisations experience that multi-factor authentication, although essential, causes unnecessary frustration when not set up correctly.

At Joinly, we see that MFA can be both secure and pleasant.
The problem is not MFA itself, but the way it’s applied.

Why MFA often causes irritation

MFA is designed to prevent unauthorised access. It's one of the most powerful tools against account attacks. But without thoughtful implementation, it can become a source of frustration.

The irritation usually arises from three factors:

• too many or illogical verification requests

• no distinction between regular and risky situations

• lack of explanation about the purpose and functioning of MFA

When MFA is deployed too rigidly, it hinders employees more than it protects them.

A telling practical example

A team leader at one of our clients reported that he had to perform MFA several times a day, even in situations that were completely predictable and safe. This caused him to lose confidence in the digital working environment. Despite the security team's good intentions, MFA felt like a rule that mainly cost time.

The organisation discovered that MFA was set identically for everyone. Every login attempt was treated the same way, regardless of the risk. This led to unnecessary strain on employees and even resistance to security measures.

When the organisation switched to a modern IAM platform with a risk-based approach, the experience changed completely. MFA was only used when the situation required it. Security increased while the burden on employees decreased.

The power of risk-based MFA

Modern IAM solutions offer the possibility to deploy MFA not as a standard step, but as an intelligent control. This means the organisation continuously assesses whether extra verification is necessary.

The system looks at patterns, circumstances, and potential anomalies. Only when something deviates from normal behaviour is MFA activated. In all other cases, an employee can continue working without interruption.

This approach ensures a significant improvement in user experience.
It applies security where it's relevant, not where it’s redundant.

When MFA works as intended

At another organisation we worked with, MFA prompts took employees an average of twenty minutes a day. Not because MFA went wrong, but because it was applied too frequently.

After switching to risk-based verification, the number of prompts fell drastically. Employees only saw MFA when there were actual signals requiring increased attention. The security level remained high, but the daily burden was significantly reduced.

The best part was that employees no longer saw MFA as a burden, but as something that protected them.

Communication is crucial for acceptance

Technology alone is not enough. The way an organisation communicates about security also impacts how MFA is perceived. When employees understand why MFA is necessary and when they will or will not see it, resistance decreases and acceptance grows.

Clear communication helps employees move forward, especially when you explain:

• why MFA is essential in modern digital work environments

• how MFA reduces risks without hindering them

• when they can or cannot expect MFA

Giving employees insight makes MFA a tool that is understood and accepted.

MFA as a foundation of identity security

Attackers increasingly target user accounts. Passwords are massively stolen through phishing, SMS spoofing, and social engineering. MFA forms a necessary second layer of security in these developments. Without MFA, a password is often the only thing standing between an organisation and an attack.

But MFA only provides maximum protection when used intelligently. That means:

• risk-focused

• based on recognisable behaviour patterns

• aligned with employees' everyday practice

IAM makes this intelligent form of MFA possible.

Joinly’s vision: secure access without unnecessary interruptions

At Joinly, we view MFA as an integral part of modern identity security. But we don't believe in MFA as a standard step that continually hinders employees. Our approach focuses on enhancing security without affecting the daily user experience.

We adhere to three guiding principles:

1. MFA is only deployed when the situation requires it

2. Access remains smooth for employees who work predictably and safely

3. Risk detection determines when extra verification is necessary

In this way, MFA becomes a reliable security measure that offers protection without friction.

MFA doesn't have to be a source of irritation.
With the right IAM strategy, it becomes an invisible assurance that employees can trust.