TL;DR: Credential-based attacks keep MFA mandatory, while passkeys, adaptive policies, and AI agent access are reshaping what teams need from authentication providers, according to WorkOS. The real decision is no longer second-factor coverage alone, but whether the MFA layer fits enterprise identity, session control, and machine identity governance.
At a glance
What this is: This is a practical comparison of five MFA providers, with the key finding that authentication choice now affects human login security, enterprise policy fit, and AI agent readiness.
Why it matters: IAM teams need to treat MFA as part of broader identity architecture because provider choices now shape SSO, session revocation, compliance evidence, and how machine identities are governed.
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities.
👉 Read WorkOS's comparison of the top MFA providers for app security in 2026
Context
Multi-factor authentication is now a baseline control rather than an optional hardening step. The article frames the 2026 market around passkeys, adaptive risk checks, enterprise federation, and AI agents that need their own identity treatment, which pushes MFA decisions well beyond the login screen.
For developers and IAM teams, the main question is whether an MFA provider can fit into the wider identity stack without creating duplicate policy, broken sessions, or separate paths for users, guests, and machine actors. That is where product choice becomes an architecture decision, not just a security checkbox.
Key questions
Q: How should app teams choose an MFA provider for B2B SaaS?
A: Choose the provider that fits your identity architecture, not just your login screen. For B2B SaaS, that usually means support for enterprise SSO, per-organisation policy, audit logs, session revocation, and developer-friendly APIs. If you expect tenant-specific requirements or guest access, make those boundary conditions part of the selection test.
Q: Why do passkeys matter more than SMS for MFA?
A: Passkeys reduce phishing and interception risk because they use device-bound cryptographic authentication instead of reusable codes. SMS remains vulnerable to SIM swapping, message interception, and social engineering. For high-risk access, organisations should treat passkeys as the preferred factor and reserve weaker methods only for transitional cases.
Q: How can security teams govern MFA for AI agents and machine identities?
A: Do not reuse human MFA assumptions for machine access. AI agents and workloads usually need scoped tokens, certificates, or delegated credentials with explicit audit and revocation paths. The key is to separate interactive authentication from non-human access so that policy, logging, and lifecycle controls match the identity type.
Q: What should organisations check before standardising on adaptive MFA?
A: Verify that the risk signals are reliable, the policy scope matches your tenancy model, and the platform can explain why authentication was stepped up or stepped down. Adaptive MFA works best when teams can audit the decision path and avoid hidden policy conflicts across apps, users, and external users.
Technical breakdown
Passkeys, TOTP, and phishing-resistant authentication
Modern MFA stacks are moving away from shared secrets that can be phished, replayed, or intercepted. TOTP still improves security over passwords, but passkeys and WebAuthn-based factors bind authentication to a device or cryptographic key pair, which materially reduces credential theft risk. In practice, the important distinction is between knowledge factors that can be copied and phishing-resistant factors that cannot be reused outside the enrolled device or authenticator. Providers that support both still matter because migration is rarely instantaneous, but the architectural direction is clear: the authentication layer must be designed to survive modern phishing and token theft patterns.
Practical implication: Prioritise phishing-resistant factors for high-risk users and plan a staged migration away from SMS and shared-secret recovery paths.
Adaptive MFA and risk-based policy enforcement
Static MFA treats every login the same, which creates friction for low-risk access and leaves room for sophisticated abuse when attacker behaviour changes. Adaptive MFA uses signals such as location, device posture, IP reputation, and behavioural patterns to decide whether to step up, step down, or defer authentication. That makes the authentication layer context-aware rather than binary. For SaaS applications, the design challenge is not only collecting signals but also deciding where policy lives, whether it is global, per application, or per organisation. The more multi-tenant the environment, the more important policy scoping becomes.
Practical implication: Map which risk signals you can trust operationally and verify that policy scope matches tenants, apps, and roles rather than only a global default.
Machine identity and AI agent authentication
The article correctly notes that MFA is no longer just a human login control. AI agents and machine-to-machine workflows increasingly need authenticated access to APIs, admin actions, and sensitive operations, which means identity systems must distinguish user authentication from workload or agent authentication. That is not the same as bolting MFA onto a script. Machine identities usually rely on OAuth clients, tokens, or certificates, while agent actions may need step-up controls, scoped delegation, and revocation that work at runtime. If the provider cannot express those differences, teams end up with parallel auth systems and inconsistent governance.
Practical implication: Separate human MFA policy from machine identity controls and confirm that agent actions can be scoped, audited, and revoked independently.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
MFA is no longer a login feature, it is an identity architecture decision. The article shows that provider choice now affects enterprise SSO, audit logging, tenant policy, and session control, not just second-factor prompts. That is why MFA cannot be evaluated as a standalone security widget. Practitioners should treat it as part of the control plane that shapes the rest of the identity programme.
Passkeys expose the limits of SMS and other copyable factors. Once a provider supports phishing-resistant authentication, SMS starts to look like an exception path rather than a fallback. The governance issue is no longer whether MFA exists, but whether the factor can survive phishing, interception, and replay in a realistic attack chain. Teams should view factor selection as a resilience decision, not a UX preference.
Machine identity governance now belongs in MFA discussions. The article’s AI agent and M2M section is a reminder that non-human access is not a side case anymore. A provider that cannot distinguish user sessions from agent credentials will force teams to improvise controls elsewhere, which fragments policy and auditability. Practitioners should expect MFA planning to intersect with NHI governance and workload identity design.
Session revocation is the control boundary that makes MFA meaningful after login. The article correctly points out that authentication strength is limited if active sessions cannot be killed quickly. This shifts attention from enrollment and challenge design to the lifecycle of the session itself, especially for regulated environments and B2B applications with long-lived access. IAM teams should judge MFA platforms by what they can revoke, not only by what they can challenge.
Per-organisation policy is the difference between B2B usability and policy drift. The article highlights a real multi-tenant tension: different customers want different authentication requirements. Without tenant-level policy, teams either over-enforce across all customers or compensate with custom logic in the application. The practical conclusion is that MFA must align to customer boundary models, or governance will leak into product code.
From our research:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.
- That pattern makes identity lifecycle controls and machine-identity governance more urgent than factor selection alone, as shown in the same report.
What this signals
Identity boundary drift is the hidden MFA problem. Once your application serves customers, guests, and machine actors, the real governance test is whether authentication policy still maps cleanly to the identity subject. With 2.7 separate incidents in the past 12 months among organisations that experienced a compromised NHI, per The 2024 ESG Report: Managing Non-Human Identities, the risk is no longer theoretical.
Teams should assume that MFA decisions will increasingly intersect with workload identity, session revocation, and tenant policy design. That means the programme owner cannot treat authentication as a front-end problem only. The next control gap is usually not challenge strength, but whether the identity model still distinguishes human logins from non-human access cleanly.
Session survivability is becoming a governance metric. If a provider cannot revoke active access quickly, the factor itself does not close the risk window. That is why identity teams should review authentication through a lifecycle lens, especially where shared apps, contractor access, and automated workflows coexist.
For practitioners
- Prioritise phishing-resistant factors first Move high-risk populations to FIDO2 or WebAuthn-based authentication before tightening lower-assurance controls. Keep TOTP only where migration friction is still blocking adoption, and plan to retire SMS wherever policy permits.
- Validate tenant-level policy boundaries Test whether MFA rules can differ by customer, application, and guest relationship without custom code. If the platform only offers global policy, map the compensating logic you would need to avoid policy drift.
- Separate human and machine auth paths Document which identities are people, which are workloads, and which are AI agents. Then verify that tokens, certificates, and step-up rules are governed separately from interactive user MFA.
- Test session revocation under compromise conditions Simulate account takeover and confirm that server-side session invalidation actually removes active access across browsers, devices, and connected workflows. A strong factor loses value if the session remains usable after compromise.
Key takeaways
- MFA provider selection now shapes tenant policy, session control, and machine identity governance, not just login UX.
- Passkeys and adaptive authentication matter because copyable factors and static policies no longer match today’s threat patterns.
- The strongest MFA platform is the one that fits your identity boundary model, including users, guests, and AI or workload identities.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST SP 800-63, NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST SP 800-63 | Phishing-resistant authentication and assurance levels directly shape MFA factor choice. | |
| NIST Zero Trust (SP 800-207) | PR.AC-1 | MFA is part of continuous verification and access policy enforcement. |
| NIST CSF 2.0 | PR.AC-7 | Strong authentication and access enforcement underpin identity protection outcomes. |
Map MFA coverage to identity controls and verify that authentication is enforced across critical access paths.
Key terms
- Phishing-resistant authentication: Authentication that cannot be easily replayed, phished, or intercepted because it binds the login to a device or cryptographic proof. In practice, passkeys and WebAuthn-style methods reduce the value of stolen codes and make credential theft harder to operationalise.
- Adaptive MFA: An authentication approach that changes the challenge based on context such as device posture, location, network signals, or behaviour. The goal is to reduce unnecessary friction while stepping up protection when access looks unusual or high risk.
- Machine identity: A non-human identity used by software, services, or AI systems to access other systems. Unlike a human account, machine identity depends on tokens, certificates, or delegated credentials, and its governance must include lifecycle, scope, and revocation controls.
- Session revocation: The ability to invalidate active sessions so access ends immediately instead of waiting for tokens or browser state to expire. For identity governance, this is the control that determines whether authentication still matters after a compromise is detected.
Deepen your knowledge
MFA provider selection, phishing-resistant authentication, and machine identity governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme is starting to manage human, workload, and agent access together, it is worth exploring.
This post draws on content published by WorkOS: Top 5 MFA providers for securing your app in 2026. Read the original.
Published by the NHIMG editorial team on 2026-04-01.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
