MFA stands for Multi-Factor Authentication. It’s a sign-in method that requires more than just a password (a single factor). With multi-factor authentication, two or more verification methods are combined. Two-factor authentication (2FA) is a common form of MFA.
What the “factors” mean (for verification)
- Something you know — password, PIN, security question.
- Something you have — mobile phone, authenticator app, hardware token, smart card.
- Something you are — biometrics (fingerprint, face recognition, retina/iris scan).
Examples of multi‑factor authentication:
- Email sign‑in: enter your password (factor 1) and then a code from an authenticator app (e.g., Microsoft Authenticator, Google Authenticator) on your phone (factor 2).
- Online banking: password + approve a push notification in a mobile banking app or enter a one-time code sent via SMS (text message).
In short
- MFA = a little less convenient than passwords alone, but much more secure and less dependent on user discipline.
- Improves protection against account takeover and identity theft.
- Reduces the risk of successful attacks if passwords are phished or leaked.
- Now standard in banking, cloud apps (Microsoft 365, Google Workspace), and business systems for small and mid-sized businesses (SMBs).