Oort is now part of Cisco  |  Learn more

Try it free

Monitoring MFA Usage and Adoption: Strengthening Your Security Strategy

Multi-factor authentication (MFA) is a widely recognized and essential security measure that adds an extra layer of protection to user accounts. While many organizations understand the importance of implementing MFA, few have a comprehensive view of how it is being utilized within their environment. In this blog, we will explore the significance of monitoring MFA usage and adoption and highlight the potential risks associated with overlooking this crucial aspect of identity security. We will also discuss the growing trend towards phishing-resistant MFA and the importance of monitoring user activity within the MFA framework.

This blog is taken from our Blueprint for Building an Identity Security Program guide.

The Importance of Monitoring MFA Usage

MFA is designed to bolster security by requiring users to provide multiple authentication factors. However, simply enabling MFA for user accounts does not guarantee that it is being actively used. Without monitoring usage, organizations lack visibility into who is using which factors and whether MFA is being consistently deployed across their entire user base. Monitoring MFA usage helps identify potential gaps and ensures adherence to security policies.


Phishing-Resistant MFA and the Need for Monitoring

There is a shift towards adopting phishing-resistant MFA methods, which employ advanced techniques to mitigate the risk of phishing attacks. While investing in phishing-resistant MFA is important, it becomes even more valuable when coupled with effective monitoring capabilities. Monitoring enables organizations to detect and respond to any suspicious MFA activity, such as MFA flooding or unauthorized access attempts. It provides an additional layer of protection against evolving threats. Before you invest in additional authentication factors, ask yourself if you have the means to effectively and continuously monitor if it’s being used.


Lack of Continuous Monitoring and Policy Enforcement

Unfortunately, many companies do not have a mechanism in place to continuously monitor their MFA implementation and enforce their security policies. This oversight leaves organizations vulnerable to potential security breaches. Without ongoing monitoring, it becomes challenging to identify anomalies, address potential weaknesses, and ensure compliance with established MFA policies. Continuous monitoring is vital to maintain a proactive security posture.

MFA Adoption vs. MFA Usage

It is important to recognize that MFA adoption does not necessarily equate to widespread usage. While organizations may have implemented MFA, it is crucial to assess the actual usage of strong authentication factors. Merely enabling MFA for user accounts without actively promoting and monitoring its usage can leave security gaps and increase the risk of unauthorized access. Therefore, tracking MFA usage is essential to ensure the effectiveness of this security measure.

Screenshot 2023-06-13 at 4.52.24 AMSource: State of Identity Security, Oort 2023

KPIs to Consider

To evaluate the success of your MFA implementation and monitor its usage, consider the following KPIs:

Percentage of user accounts configured to use Multifactor Authentication: This metric reflects the extent to which MFA has been implemented across the organization and provides insights into overall coverage and compliance.

Percentage of user accounts using strong forms of MFA: Monitoring the usage of strong authentication factors, such as biometrics or hardware tokens, helps assess the level of security and adherence to MFA policies.


Monitoring MFA usage and adoption is critical for maintaining a robust security posture. It ensures that MFA is actively utilized and identifies any gaps or vulnerabilities in the authentication process. By continuously monitoring MFA usage, organizations can proactively respond to threats, enforce security policies, and strengthen their overall identity security framework. Remember, MFA implementation is just the first step, and ongoing monitoring is key to maintaining a strong defense against evolving security threats.

MFA is a critical component of an identity security program. If you are working to build or mature your identity security program, we have built a comprehensive blueprint that begins with understanding your current maturity across 11 factors and provides recommendations on how you improve your defenses and move up the maturity curve.  Download the full guide and contact us if you have any questions. 

Oort’s Identity Security Platform

Oort is an identity-centric enterprise security platform. As a turnkey solution for Identity Threat Detection and Response (ITDR), Oort is providing immediate value to security teams by working with existing sources of identity to enable comprehensive identity attack surface management in minutes. Led by a team with decades of domain expertise across identity, networking, and security, Oort is backed by venture capital investors including Energy Impact Partners, .406 Ventures, Bain Capital Ventures, Cisco Investments and others. Market-leading technology companies, like Collibra and Avid Technology, rely on Oort to provide full visibility into their identity populations.

To get a free identity security health assessment, request a demo.  

Recent Blogs

Duo SSO Logging Improvements 

We’re committed to enhancing the visibility of data sourced from Duo.true

User Linkage Suggestions 

This week, we’re excited to introduce User linkage Suggestions withintrue