Some fascinating insights here, thanks for sharing.
Regarding multi-factor authentication not being a barrier to signing up, do you have an understanding if this about broadly multi-factor authentication not being as much of an issue for users as perceived?
Or, do users have an expectation of multi-factor authentication when signing up to a gov account (e.g. increased security due to higher levels of sensitivity around data), and are therefore more likely to push through with it?