According to the 2017 Verizon Data Breach Investigations Report “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” A solution to this problem is to use Multifactor Authentication to prevent a stolen password from being enough for an adversary to gain access to critical systems. This has been true for a long time. Yet MFA is still only used for specific use cases, like remote access. And even there, not universally. Why is this? It is because MFA has traditionally been what social scientists call “a pain-in-the-ass” for both users and IT.