Abstract

The contemporary digital landscape is shaped by rapid Digital Transformation (DT), in which high-stakes identity services such as financial systems, e-commerce platforms, and cloud providers collectively function as converged social media platforms. Within this ecosystem, robust authentication is the primary defense against systemic identity threats. Multi-Factor Authentication (MFA) provides statistically strong protection, preventing over 99.9% of account compromise attempts even when primary credentials are exposed. However, this technical effectiveness is undermined by low adoption and inconsistent usage, creating a critical security paradox. This paper analyzes the hierarchical vulnerabilities of MFA modalities, highlighting the elevated risks of legacy SMS-based methods prone to SIM swapping and the exploitation of human factors through sophisticated social engineering, including MFA fatigue attacks. Using an extended Unified Theory of Acceptance and Use of Technology (UTAUT) framework, the study shows that usability friction, increased cognitive load, and low user trust are dominant socio-technical barriers. The discussion advocates a mandatory shift toward phishing-resistant, FIDO2-based authentication and the deployment of adaptive authentication frameworks to align cryptographic strength with sustainable user behavioural compliance.