All templates

Employee MFA Friction & Recovery Assessment

Measures employee friction with multi-factor authentication prompts, backup method clarity, and step-up authentication impact to guide security UX improvements and reduce authentication-related workflow disruptions.

Sample questions

A preview of what’s in the template. Every question is editable before you launch.

22 questions · ~10 min
Q01
Message

Welcome! This survey takes approximately 5 minutes and asks about your recent experience with multi-factor authentication (MFA), backup sign-in methods, and step-up authentication. Your participation is voluntary and you may stop at any time. There are no right or wrong answers — we are interested in your honest opinions. All responses are confidential and will be reported only in aggregate to improve authentication usability. Please click 'Next' to begin.

Q02
Dropdown

On a typical workday in the past 7 days, approximately how many MFA prompts did you complete?

  • 0
  • 1–2
  • 3–5
  • 6–10
  • 11–15
  • More than 15
Q03
Opinion Scale

How clear are your backup sign-in options if your primary MFA device is unavailable?

Scale: 15
Min:Not at all clearMax:Extremely clear
Q04
Opinion Scale

How clearly can you tell which actions will trigger step-up authentication before you begin them?

Scale: 15
Min:Not at all clearlyMax:Extremely clearly
Q05
Ranking

Please rank the following improvements by how much they would reduce MFA fatigue for you. Drag to reorder; top = highest priority.

  1. Fewer prompts on trusted devices
  2. Clearer explanation of why a prompt occurs
  3. Shorter or faster prompt (e.g., biometric or one-tap)
  4. Longer session duration before re-prompt
  5. Better offline or travel fallback
  6. More consistent experience across apps and services
Drag to rank
Q06
Long Text

Based on your responses in this survey, is there anything else you would like to share about your MFA, backup sign-in, or step-up authentication experience?

Q07
Dropdown

What is your primary department or function?

  • Engineering / Development
  • IT / Operations / SRE
  • Security / Compliance
  • Product / Design
  • Finance / Accounting
  • HR / People
  • Sales / Marketing
  • Customer Support / Services
  • Other
  • Prefer not to say
Q08
Message

Thank you for your time and insights. Your feedback will directly inform improvements to our authentication experience. If you have any questions, please contact [security-ux@company.com].

Q09
Opinion Scale

How disruptive were MFA prompts to your workflow in the past 7 days?

Scale: 15
Min:Not at all disruptiveMax:Extremely disruptive
Q10
Multiple Choice

Which fallback or recovery methods have you used in the past 12 months, if any? Select all that apply.

  • Backup codes
  • SMS text code
  • Phone call code
  • Security key (e.g., YubiKey)
  • Authenticator app on a secondary device
  • Helpdesk-assisted temporary access
  • Recovery email link
  • Other (please specify)
  • None — I have not needed a fallback method
Q11
Opinion Scale

How clear is it why step-up authentication is required when it occurs (e.g., accessing sensitive data, logging in from a new location)?

Scale: 15
Min:Not at all clearMax:Extremely clear
Q12
AI Interview

Thank you for your answers so far. We'd like to explore a couple of your experiences in a bit more depth. Please share as much or as little detail as you'd like.

Q13
Multiple Choice

Which best describes your role level?

  • Individual contributor
  • People manager
  • Executive / Senior leadership
  • Prefer not to say
Q14
Opinion Scale

Overall, how satisfied are you with the current MFA sign-in experience?

Scale: 17
Min:Very dissatisfiedMax:Very satisfied
Q15
Opinion Scale

If you lost your primary MFA device today, how confident are you that you could regain access to your accounts within 30 minutes?

Scale: 15
Min:Not at all confidentMax:Extremely confident
Q16
Opinion Scale

When step-up authentication occurs, how disruptive is it to completing your task?

Scale: 15
Min:Not at all disruptiveMax:Extremely disruptive
Q17
Dropdown

How long have you worked at the company?

  • Less than 1 year
  • 1–2 years
  • 3–5 years
  • 6–10 years
  • More than 10 years
  • Prefer not to say
Q18
Multiple Choice

In which of the following situations have you encountered an MFA prompt in the past 30 days? Select all that apply.

  • Signing into email or productivity apps
  • Connecting to VPN or remote desktop
  • Accessing sensitive data or admin tools
  • Logging in from a new device or location
  • Returning after a session timeout
  • Performing a financial or compliance-related action
  • Other (please specify)
  • I don't recall / Not sure
Q19
Opinion Scale

The situations that trigger step-up authentication feel appropriate for the level of risk involved.

Scale: 17
Min:Strongly disagreeMax:Strongly agree
Q20
Multiple Choice

What is your primary work arrangement?

  • Onsite
  • Hybrid
  • Remote
  • Prefer not to say
Q21
Multiple Choice

In the past 30 days, which of the following, if any, have you done in response to MFA prompts? Select all that apply.

  • Delayed responding to MFA until a break
  • Approved a prompt without reading all details
  • Declined a prompt that looked unfamiliar
  • Waited for a push instead of entering a code
  • Used a trusted device to reduce extra steps
  • Contacted support for assistance (e.g., reset or temporary access)
  • Other (please specify)
  • None of the above
Q22
Multiple Choice

Which region do you primarily work in?

  • Americas
  • EMEA
  • APAC
  • Prefer not to say

What’s included

  • AI follow-ups

    Adaptive probes on open-ended answers that pull out detail a static form would miss.

  • Attention checks

    Built-in safeguards against rushed answers and low-quality respondents.

  • AI-drafted copy

    Wording, ordering, and branching written by the AI — tuned to your research goal.

  • Auto report

    Themes, quotes, and a plain-English summary write themselves once responses come in.

Ready to launch?

Open this template in the editor. Every part is yours to change before the first respondent sees it.