Multi-Factor Authentication (MFA)


What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication, or MFA, is an authentication method that requires two or more different types of evidence to verify a user's identity before access is granted.

Examples

  • An employee signs in with a password and then approves a prompt on an authentication app.
  • A user accesses a VPN by entering a password and a temporary code generated by a hardware token.

Discover 🔎

A password alone is often not enough to prove identity safely. Passwords can be guessed, reused, stolen through phishing, captured by malware, or exposed in breaches far away from the system the attacker ultimately wants to access. If one secret is all that stands between an attacker and a valid login, the security of the whole account rests on something that is frequently lost or reused.

Multi-Factor Authentication exists to reduce that weakness. Instead of asking for one piece of proof, the system asks for more than one type. This makes account compromise harder because the attacker must defeat multiple forms of trust, not just one.

Remember: MFA is not “using two passwords.” It means using different categories of proof, not repeating the same kind of proof twice.

Summary 📝

Multi-Factor Authentication strengthens identity verification by requiring more than one type of proof before access is granted. Its core value is that one stolen password or one guessed secret is no longer enough to compromise the account easily. MFA is most effective when it uses strong factor types, is applied consistently to important systems, and is supported by good user awareness and secure recovery processes.
