Independent agents have had enough of carriers requiring
According to a survey on MFA usage conducted by ID Federation, a nonprofit industry coalition, agents said they use an average of 2.7 MFA methods each. Different carriers have differing requirements, such as a text to a cell phone, an email, a phone call, an authenticator app or biometric recognition. Half of the agents surveyed authenticate with carriers more than six times a day. That means an agency with 10 employees authenticates at least 60 times a day — an undeniable drain on time and resources.
This raises an important question: Should carriers compete on security? More specifically, should agents be burdened with an ever-expanding list of unique login requirements for each carrier? If you ask agents, their answer is a resounding "no."
MFA burden on agencies
According to the survey, 44% of agents indicated that three to five of their carriers mandate MFA. When required to use MFA, 50% of agencies say they must use MFA at every login. Without an industry standard, this means that agents are authenticating in a number of different ways. This comes with many challenges.
For example, if an MFA code arrives via email, but the email hasn't synced in time, then agents are forced to restart the login process. Worse, if someone else at the agency receives the code and needs to relay it, the delay compounds. Meanwhile, the agent trying to log in might be on the phone with a client that is asking "What is taking so long?"
In addition to the inconvenience and lackluster customer service that can result, agencies are concerned about security — despite the security MFA is meant to provide. Agency principals are increasingly worried about the risks that come with agents using personal cell phones with authentication. And with carriers each enforcing their own MFA standards, the lack of consistency across the industry makes it harder for agencies to establish their own secure and efficient practices.
Let's not compete on security
Cybersecurity should not be an area where carriers compete. Instead, the industry should collaborate to create a unified, standardized approach that balances security with operational efficiency. Some key considerations include the following:
● Strength in standardization: Rather than each carrier implementing its own proprietary MFA requirements, the industry should work together to standardize practices.
● Regulatory risks and financial penalties: Carriers that fail to meet security standards face significant fines. In December 2024,
● Cost to the independent agent channel: If every agency and carrier work separately to solve the same problem, the financial burden on the independent agent channel increases. A coordinated approach reduces redundancy and saves costs.
ID Federation offers a solution to the MFA inconsistency: SignOn Once. This industry-wide initiative allows agents to securely access carrier systems without multiple logins. Instead of memorizing a dozen different login procedures, agents can leverage their existing management system credentials to authenticate across multiple carriers seamlessly.
As more carriers implement SignOn Once, those who don't might see their sales drop — similar to when real-time quoting became the industry standard. In that shift, carriers that failed to adopt real-time quoting simply stopped getting quoted. The same pattern could unfold with SignOn Once. When enough carriers have implemented the solution, those who do not could find themselves at a competitive disadvantage.
Path forward
The benefits of adopting a national sign-on standard extend beyond making agents' lives easier, however. By aligning with ID Federation, carriers can do the following:
● Enhance security compliance: SignOn Once meets industry security best practices and aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0.
● Improve operational efficiency: A standardized approach to MFA will reduce the burden on IT teams and lower costs associated with maintaining multiple security protocols.
● Strengthen relationships with independent agents: Agents prefer working with carriers that make it easier to do business.
Independent agents drive the insurance business. No policy is sold until an agent completes the process, and repetitive logins only slow that process down. Carriers that prioritize both security and usability will be better positioned for future success.
MFA inefficiencies are not merely an inconvenience, they are also a serious productivity issue facing agencies nationwide. Those who embrace industry-wide standardization now will lead the way in both cyber security and operational efficiency.
