Secure email MFA UX
5 min read
The problem with secure email is, in my many cases, people don’t like it. Why? Because it’s a pain. Or so we hear. We know that providing a seamless experience for recipients is vital for the adoption of secure and compliant communication tools. If receiving a secure message is cumbersome, recipients may be reluctant to engage with it, meaning your email could go unread. But why does receiving a secure email need to be so clunky?
Accessing a message can be harder than you think
Opening an email only to be faced with a link can be confusing, especially when that link takes you to an unfamiliar page or portal. A lot of secure email solutions fail to provide a custom recipient environment, meaning users are greeted with the brand of a secure email provider - rather than the sender’s.
Not only can this lead to mistrust in new users, but it makes the whole process feel inherently less secure. More often than not, recipients won't understand that they are communicating via a third party. As a society, we are rightly becoming more vigilant when it comes to incoming emails, conscious of falling foul to malicious actors and cyberthreats. As such, your recipients are probably on the look out for phishing emails. Serving up an unfamiliar link and portal is likely to put them on edge.
In addition, with many solutions on the market, recipients are forced to fill in a form to create an account for the secure messaging solution. This creates a huge pain point for users who simply want to access their email.
Thankfully, the decryption of secure messages is done behind the scenes. But for plenty of solutions, this is where the ease of use ends. Sometimes the above process needs to be repeated, this time with a login screen. Accessibility should be a priority for every organization, and for users who are less digitally confident, this can be a daunting and frustrating experience.
What this means for security and compliance
A clunky user-experience may seem a trivial matter against a backdrop of wider cybersecurity concerns. However, when we speak to security professionals and end-users dealing with outbound email security solutions every day, we hear two issues: open rates and the risk of employees ducking and diving security measures.
If accessing secure emails is not straightforward, recipients will often give up and ignore the email altogether. This not only means a client, patient or customer doesn’t access their message, but it builds a wall between sender and recipient - between clients and businesses, patients and doctors, residents and councils. All in all, a poor user experience can seriously damage relationships.
In many cases, this can result in employees seeking out ways to circumvent secure workflows and security measures, only serving to increase risk in the long term.
How Zivver delivers a friction-free recipient experience
Secure communications are our bread and butter. We know that a positive recipient experience is key to effective secure communication.
"At Zivver, making sure email security is easy to use is a huge part of our product strategy. We know that if it's not user-friendly, people won't use it properly and that in itself can present a security risk. Plus, our focus on seamless integration and intuitive design really sets us apart from other solutions out there." — Anita Mavridis- VP of Product at Zivver
Here’s how we deliver an effortless and stress-free process for your recipient:
Clear pre-notification emails
When recipients are about to receive their first secure message, Zivver sends a pre-notification email. The email explains what Zivver is, why it’s being used, and what to expect, reducing confusion and building trust.
Sender domain and custom branding
Messages can be sent on behalf of the organization’s own domain, and with custom branding. This maintains consistency and builds trust, as recipients recognize the sender, reducing the likelihood of the message being ignored or flagged as spam.
Trusted device authentication
Recipients can opt for Zivver to trust their device for 30 days after an initial message verification. This means they can skip verification steps for subsequent messages, enhancing convenience without compromising security.
Multi-factor authentication (MFA)
Security isn't just about encryption—it's also about ensuring that the right person is accessing the email once it reaches its destination. Zivver employs strong multi-factor authentication (MFA) methods, including:
- Access code: An agreed passcode between sender and recipient (e.g., a case file number).
- Organization code: A passcode for all messages from the sending organization (e.g., your customer ID number).
- SMS code: A code sent via SMS where the recipient's mobile number is known.
A smooth recipient experience ensures that secure communication tools are adopted effectively; happy recipient, happy sender!
At Zivver, we are committed to simplifying secure email. Interested in how we compare to our competitors?
Take a look at the benefits of switching to Zivver.
First published -
Last updated - 20/06/24
