Secure TFA with a great user experience: Is it possible?

When I started in the online identity management business seven years ago, it was common to hear the mantra that increasing the security of digital property meant degrading the user experience.

It was true.

If your digital property needed second-factor verification, then the process became even more complicated for users. For example, if you wanted to ensure that a user's registration email address was valid, you had to send a link which the user had to click. After remembering the password or resetting it (in more than 35% of cases), the website then had to send an SMS to the user's mobile phone.

The friction in authentication was increasing, leading to fewer users authenticating. Each additional step increases the chance of the user abandoning the process.

However, those working in the industry knew that it was impossible to improve the UX without worsening security.

But now, everything has changed.