Strengthening Security and Building Trust: Trust Waikato’s MFA Journey with Fluxx

In today’s digital landscape, the security of sensitive data, especially in philanthropy, has never been more critical. Trust Waikato, one of New Zealand’s twelve perpetual community trusts, took proactive steps to secure its grantee and organizational data by implementing Multi-Factor Authentication (MFA) within Fluxx. Led by Nita McNeil, Database and Information Manager, Trust Waikato’s approach highlights the power of preparation, communication, and community-centered thinking.

The Motivation: Rising Cyber Threats and Responsible Data Stewardship

Back in 2021, Trust Waikato managed sensitive data for over 4,000 users, including banking and grant records from community groups across New Zealand. At the time, New Zealand faced several high-profile cyberattacks, raising national awareness of cybersecurity risks. This climate, combined with Trust Waikato’s commitment to risk reduction, led the organization to adopt MFA as part of its broader security policy.

“Wherever MFA is available, we use it just to reduce our cyber risk,” shared Nita.

Thoughtful Timing and a Smooth Rollout

Understanding the importance of timing, Trust Waikato launched MFA during its quietest period in December. This gave early adopters time to register before the holiday break and allowed others ample opportunity to onboard ahead of the first grant round in February.

A robust internal rollout plan included:

• Staff training using the same resources created for grantees
• Communications testing and refinement
• Website guides, instructional videos, and emails tailored to both app and SMS options

Trust Waikato’s support model exemplified their deep respect for community accessibility. To eliminate barriers:

• Bullet point instructions and short videos were offered
• Common challenges—such as formatting international phone numbers—were anticipated and quickly addressed
• Real-time registration data was used to proactively support users

This strategic rollout ensured minimal disruption to grant cycles while supporting grantees with varying levels of technical experience.

A Surprising Benefit: Streamlined User Management

An unexpected upside? User cleanup. By tracking MFA registration, Trust Waikato identified inactive accounts and reduced its user base from over 4,000 to 1,900 active grantees.

“If they hadn’t set themselves up, we knew they weren’t really active,” Nita noted. “That’s how we now have an accurate list of users.”

Security Without Sacrifice

Initial concerns about added friction proved unfounded. Not only did MFA not deter applicants, it enhanced confidence and trust.

“Grantees love that their passwords don’t expire anymore,” said Nita. “They actually prefer MFA.”

For Trust Waikato, MFA didn’t just increase security, it also improved the user experience. It ensured that individuals completing applications were the rightful, authorized submitters, which was a vital improvement for an organization relying on a high-trust model.

Words of Wisdom for the Fluxx Community

Nita’s advice for others considering MFA?

• Choose a quiet time for implementation
• Prepare your staff first and involve them in testing
• Communicate clearly and across multiple formats
• Don’t reinvent the wheel—leverage existing resources from peers

“These days, I wouldn’t hesitate to recommend it to other Fluxx users.”

📚 Explore More:

Visit Trust Waikato’s website to access their publicly available MFA videos and step-by-step guides. Review our case study paper for additional information.

🔐 Interested in enabling MFA in your Fluxx system?

Contact your Fluxx representative or Customer Success Manager today to learn more about getting started.

Watch the conversation below