Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

How we worked with the Information Security team on their Multifactor Authentication help pages

Earlier this year, we worked with the Information Security team to improve their help pages for the rollout of Multifactor Authentication (MFA) across the University. These help pages are important, because potentially thousands of staff will be using them as they enable MFA on their University Office365 accounts.

What is Multifactor Authentication?

When you log in to an online account, you typically have to enter your username and password. Multifactor Authentication is an extra layer of security that can be added to this login process. For example, after your password has been accepted, you might then have to enter a code that’s been sent to your phone. Or you might have to tap “Yes, it’s me” on an authentication app that you have on your phone.

The content design process

The Information Security team had written up some draft webpages to help staff enable MFA on their University accounts. They got in touch with us to get some content design advice on these pages ahead of publication. Because timescales were tight, we recommended some quick testing with their target audience to get a steer on whether the content made sense. They were able to recruit participants for this via the Human Centred Network, and the testing was carried out remotely.

Rather than edit the MFA content directly, I ran a small group writing session with colleagues from the Information Security team. They could bring in expertise in the subject matter while I advised on best practice in content design. The advantage of this approach versus a straight edit was that it enabled the Information Security team to learn a bit about content design and understand the reasoning behind some of the changes I was making. This way, they could apply this knowledge for future iterations of the content.

Improving readability

We suggested the following tips to improve the readability of the content:

  • reduce the amount of text that people have to read
  • break the content into chunks
  • add subheadings

Short, chunked text makes fewer demands on a reader’s working memory, and this makes the text easier for people to understand.

Subheadings make it easier for people to scan a page of text when they are looking for a specific piece of information.

For more information about improving readability, see our Editorial Style Guide, our training course Effective Digital Content, and some webpages we link to from that course:

Editorial Style Guide

Effective Digital Content: Engaging your online audiences

Content Design London Readability Guidelines: Simple sentences How to use headings on your site

Finding alternatives to tables

One piece of content in the prototype site was a 5-column table outlining the features of different authentication methods.

Tables with multiple columns don’t display well on small screens. The content of a table can also be hard to make sense of when you hear it read out by a screen reader. So where possible, it’s good to consider alternatives.

We were able to restructure the content so that a table wasn’t necessary. In the restructured content, the same information is presented as subheadings and paragraph text. This solves the display problem, and makes the text more accessible.

Finding alternatives to flowcharts

Another piece of content we suggested changing was a flowchart to help people decide which authentication method is right for them.

The flowchart had a similar problem to the table. It didn’t display well on small screens, and it wasn’t accessible.

We were able to support the team to rewrite the flowchart as text. This could then be presented alongside the flowchart, which helps ensure that everyone can access the content.

User testing

The Information Security team carried out usability testing on their content. This involves recruiting representative users of your website and setting them tasks to complete. Then you observe how easy it is for users to complete those tasks.

We’re keen on this approach to improving your web content because it is the best way to ensure the content being created is appropriate for the people it is intended for.


It was great to be involved in some of the content design for this project to help ensure the content was appropriate for the people intended. For future projects, we would love to be involved at an earlier stage so we can help embed a user-centred approach proactively instead of reactively. Speaking personally, I really enjoyed getting to grips with some of the complexities of MFA and the challenge of explaining this in simple terms to users.

Given the time constraints we had with this project, I thought about what we might have aspired to with more time. It seems clear that a simple explanation of a complex process is a good thing. But the best thing is for the process itself to be simple.

Here’s how the Government Digital Service put it:

Making something look simple is easy. Making something simple to use is much harder – especially when the underlying systems are complex – but that’s what we should be doing.

Government Design Principles

Universities have lots of systems and processes that are complex, and clearly written guidance can help us find our way through the weeds. But we shouldn’t lose sight of the promised land: processes that are simple in themselves. It’s not the snappiest rallying cry, but I think it’s something we should be aiming for.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.