← Graph

Selective MFA Rollout

concept 3 connections

Risk-management pattern from the Prevent Account Sharing talk: instead of turning MFA on for every user — which risks churn because users dislike extra friction — identify users who violate a rule (e.g. more than N concurrent login sessions) via a SQL query and enable MFA only for them, on a periodic cadence (e.g. weekly).

category
pattern
talk Prevent account sharing
about
Selective MFA Rollout concept
Enables MFA only for users who violate the 4+ sessions rule.
takeaway MFA improves account-sharing health
about
Selective MFA Rollout concept
Result of the selective MFA approach.
question How is MFA enabled per user — manual or automated?
about
Selective MFA Rollout concept
About the automation that selects users for MFA.

Provenance

Created in
wroclove.rb 2024 — Prevent Account Sharing (Andrei Kaleshka) 2026-04-17 23:20
Read by
5 extractions