TL;DR: Frictionless security only works when it accounts for every population, not just end users. Axiad’s blog argues that MFA adoption fails when organisations optimise for ease at the point of login while ignoring IT supportability, auditability, and executive governance across the enterprise. Frictionless does not mean governance-free; it means usable controls that survive real operational conditions.
NHIMG editorial — based on content published by Axiad: What’s All the Hype about Frictionless?
By the numbers:
- According to Gartner Group, the number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should organisations make MFA frictionless without weakening security?
A: By designing for the full operating model, not just the login screen.
Q: Why do identity programmes fail when they focus only on end-user experience?
A: Because identity operations include administrators, auditors, executives, and support teams, each with different needs.
Q: How can teams tell whether frictionless authentication is actually working?
A: Look for stable adoption, low exception rates, fewer password fallbacks, and clean audit evidence across all identity populations.
Practitioner guidance
- Map friction by identity population: Separate end users, admins, auditors, and executives into distinct operating groups and document where each one hits enrollment, recovery, and approval friction.
- Build recovery and exception handling into MFA design: Treat forgotten devices, reset workflows, temporary access, and support escalation as core controls.
- Tie authentication to audit evidence: Require logs and reports that show enrollment state, exception approvals, and access outcomes for each population.
What's in the full article
Axiad's full blog post covers the operational detail this post intentionally leaves for the source:
- How the vendor frames frictionless MFA across end users, IT teams, CISOs, and executives.
- The specific product and service experience claims behind its frictionless DNA messaging.
- The support and partnership model the vendor says it applies after deployment.
- The broader explanation of how it positions MFA adoption within enterprise strategy.
Frictionless MFA and identity governance: what teams miss?
Explore further
Frictionless identity is a governance model, not a usability slogan. The article treats friction as something to remove from the user journey, but the deeper issue is whether the organisation can sustain secure behaviour across every identity population. In practice, frictionless design must still preserve auditability, recovery, and lifecycle control. Practitioners should treat usability as a control-adoption requirement, not a substitute for governance.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which leaves most machine access outside reliable governance.
A question worth separating out:
Q: What is the difference between a usable MFA flow and a governable MFA programme?
A: A usable flow lets people sign in with minimal effort. A governable programme also provides controlled enrollment, recovery, reporting, and administrative oversight. The first may improve experience, but the second is what lets the organisation sustain security and prove compliance over time.