Security isn’t just about the strength of your controls; it’s about how those controls impact your people. When security measures slow down agents or interrupt their flow, those tools stop being helpful and start creating risk. That’s security friction—one of the biggest unseen threats in today’s contact centers.
What Is Security Friction?
Security friction is the drag created by security systems that interrupt the user experience. Think password resets every 90 days, MFA prompts after 15 minutes of inactivity, or needing to re-authenticate across multiple platforms in a single shift. These tasks are meant to protect the business, but can quickly become productivity killers.
According to IBM, completing an MFA challenge takes an average of 3 minutes, and password resets cost enterprises about $70 each. For contact center agents who authenticate multiple times per day, that’s hours lost per month, per agent. When these interruptions stack up, they don’t just frustrate users—they create openings for risk. 65% of employees admit to bypassing security to stay productive, according to CyberArk’s Identity Security Threat Landscape Report.
This isn’t about negligence—it’s about frustration. The more friction users feel, the more likely they are to cut corners.
Why Security Friction Hurts Contact Centers
Contact centers operate at high volume and speed. Even small inefficiencies compound quickly. Frequent logins, timeout prompts, and multi-device MFA slow agents down and pull them out of their workflow—right when speed and focus matter most.
And the impact doesn’t stop at productivity. Friction leads to behavior that directly undermines security:
- Agents reuse or share credentials.
- Passwords get written down.
- "Keep-alive" tactics like jiggling the mouse are used to avoid timeouts.
These behaviors create blind spots in your IAM strategy. IT leaders may assume their controls are working as intended, but the reality on the floor tells a different story.
In contact centers with high employee turnover, friction leads to increased help desk tickets, slower onboarding, and inconsistent compliance. It’s a hidden cost that adds up fast.
How Traditional MFA Contributes to Friction
Most MFA solutions rely on user participation, whether entering a code, clicking a push notification, or plugging in a hard token. Every interaction adds friction.
In theory, these actions feel minor. But in practice, they disrupt the user’s flow state. That disruption isn't just annoying for agents handling dozens of calls per shift—it’s expensive. And when physical devices like hard tokens get lost, shared, or broken, security friction becomes an operational burden too.
More prompts lead to more resets, more support tickets, and more risk. Not less.
Continuous Identity Verification: Agent Authentication Without the Interruptions
Twosense continuous authentication removes friction from identity security. Instead of requiring agents to stop and prove who they are, our system continuously verifies identity in the background using behavior, such as typing patterns and mouse movements.
There are no codes to type, no devices to manage, and no interruptions. Just secure, invisible authentication that runs throughout the session.
Unlike traditional MFA, which verifies identity once per login, Continuous MFA provides real-time security every second. If the system detects behavior that doesn’t match the user’s profile, it can automatically lock the session, stopping intrusions in under a minute.
The result? A secure experience that doesn’t slow anyone down.
The Takeaway
Security friction isn’t just a user experience issue—it’s a security risk. Every delay or disruption is a moment when someone may look for a shortcut. That’s how passwords get reused, credentials are shared, and policies are bypassed.
Twosense keeps your team secure without getting in their way. There is no hardware, no hassle, just continuous, invisible identity verification that protects your environment and your agents without slowing them down.
