Overview
Multi-Factor Authentication (MFA) is the primary security measure at Boehringer Ingelheim (BI), required for accessing internal systems. However, the 2024 Global IT survey revealed a sharp decline in MFA satisfaction, signaling usability challenges.
The Digital Workplace UX team has been assigned to investigate the root causes of this decline, focusing on improving the authentication experience while maintaining security.
Objectives
-
Identify user pain-ponts and barriers when using MFA.
-
Assess current awareness and usage of password-less solutions (Windows Hello for Business).
-
Evaluate satisfaction levels with MFA and propose improvements.
Methodologies
1. Data sources:
-
Global IT survey
-
MFA 2024 Incident tickets
-
User interviews
-
Other relevant feedback channels
2. Approach:
-
Mixed-methods research: Qualitative and quantitative.
Sample Size
228 free text responses
11,204 incident tickets
9 In-depth user interviews
This is where data speaks louder than design, Are you in?
Problem Statement
Multifactor Authentication (MFA) is essential for securing systems and data, but its usability may be impacting user satisfaction. A significant drop in this year’s MFA NPS suggests that excessive authentication requests or other friction points are creating frustration. Understanding these challenges is crucial to improving the user experience while maintaining security.
We Began by Analyzing Global IT Survey Dashboard
Insights from NPS Data (2023 vs. 2024)
Overall MFA NPS
Brief Analysis: In 2024, the NPS experienced a significant decline, dropping from +12 in 2023 to -5. This shift indicates a notable decrease in user satisfaction.
Insights from NPS Data (Different User Profiles)
Brief Analysis: NPS scores indicate major dissatisfaction in the R&D, lab environment, and production areas due to critical issues. While the specific problems may vary, the significant dissatisfaction is clear across these settings.
We Continue with In-Depth User Interviews
Interviews Sample
We Identified the most dissatisfied employees:
R&D Employees
Lab Employees
Production Employees
User Interview Quotes
Sometimes it will make me also authenticate, and that is I think the only frustration I have on my point is that there's multiple times I have to authenticate.
That's a lot of authenticating. That's a long process.
Repeated Authentication issue
You have to authenticate outside of the clean room, then bring the iPad back in, so, I think it just creates like an additional step for us.
Restricted Areas issue
I was told that on our whole company, there are two people who are allowed to use hard tokens, and these are people who normally travel.
Not useful when you don't have access to a phone, and you are working in a sort of cleanroom.
On an iPad because you're using apps. you authenticate many more, you authenticate with each app.
Device Confliction issue
All users, especially iPad users, struggle with frequent authentication, while lab and production employees are frustrated with using personal devices.
Interviews and Survey Themes
Tags Groups
Tags Frequency
1. Time Consumption: Users are frustrated by frequent MFA prompts, especially when off the company network. iPad users face the most challenges.
​
2. Device Conflicts: Dependency on personal mobile devices creates significant challenges due to privacy concerns, especially for employees in restricted areas like clean rooms or labs, where mobile devices are prohibited.​
​
3. Restricted Areas: Challenges in using mobile devices efficiently arise in labs and clean rooms certain settings due to rules and regulations. For instance, users often need to remove their gloves during crucial experiments or production tasks for the authentication process, which disrupts their workflow.
Interviews and Survey Insights
-
Authentication Frequency
Lack of understanding about authentication frequency increases user frustration
-
iPad Users' Frustration
iPad users report significantly higher levels of frustration with the current authentication process
-
Restricted Areas
Users working in the restricted areas face greater difficulties with the authentication process
-
Phone Dependency
Users dislike relying on their personal phones for the authentication process due to privacy concerns
-
Security Awareness
Users understand the importance of security in the authentication process
Number of survey response:
228 free-text responses
Next, we conducted an analysis of incident tickets
Incident Tickets
Total Tickets: 11,204
Filtered by:
MFA
Year:
2024
Source:
Global Service Desk
After analyzing Global IT survey and user interviews, we reviewed “Incident Tickets” to ensure all the pain points identified in the previous research phase were addressed and to uncover more probable user challenges.
Incident Tickets Analysis
Main Categories
The incident tickets are divided into three main categories: Assistance (84%), Fault (16%), and Other (0%).
​
Most tickets are related to Assistance (84%), indication that users primarily need help with MFA rather than reporting Fault or other issues.
Assistance Category
Most tickets are Inquiries (69%), indicating a need for clearer guidance or resources.
​
​ Password issues (25%) highlight challenges with resetting or managing passwords.
​​
​ Lost devices (5%) tickets emphasize the importance of secure recovery options.
Incident Tickets Analysis - Outcome
Top Issues
-
Authentication issues (35%): Users struggle with logins, account logouts, and resets.
-
Device setup/change (30%): Users need assistance for setting up MFA on new or existing devices.
-
App issues (25%): Problems include not receiving codes or needing to reset the app.
Key Findings
-
Authentication issues are the most reported, indicating a need for smoother login and reset processes.
-
Device setup/change and app-related issues suggest opportunities to provide more materials about MFA configuration on both setup and change topics.
Incident Tickets and Popular Materials
Note: Top 10 supportive materials in 2023 and 2024
1. Ticket Trends (2023-2024)
-
6,044 total tickets raised (2023 to Nov 2024).
-
1,904 tickets referenced previous incidents, showing recurring issues.
​
2. Top Contributors to Tickets (2023-2024)
The MFA Guide caused the most tickets both years:
-
46% of referenced tickets in 2023.
-
25% of referenced tickets in 2024.​
It shows:
Current materials for setting up MFA were not clear or helpful enough for users.
Finally, we outlined UX recommendations and next steps
UX Recommendations
1. Simplify access for lab and production employees
We suggest providing hard tokens to make authentication easier in phone-restricted areas.
2. Reassure travelling users
We recommend adding a helpful message like:
​
“You’re receiving these prompts because of a likely insecure network. Thank you for your understanding”
​
This can reduce frustration and build trust.
3. Improve IT support articles
We suggest including clear guidance on:
-
MFA setup process.
-
Device restarts and replacements.
​
This ensures faster ticket resolution and a smoother support experience.
Next Steps
1. Hard Tokens
-
Conduct a pilot study to provide hard tokens to lab and production employees in phone-restricted areas.
-
Gather feedback to refine the approach.
2. Authentication Prompts
-
Work with the dev team to add the suggested off-network authentication message.
-
Test the message and track the MFA survey for user frustration with repeated prompts.
3. IT Support Articles
-
Update articles with detailed MFA setup, restart, and replacement steps.
-
Share updates with IT support and track their impact on ticket resolution.