Multi-Factor Authentication (MFA) is a security method that requires users to verify their identity in at least two different ways before gaining access to an account or system. It is a significant defence against account takeovers and credential stuffing attacks.
How does MFA work?
When you log in with MFA enabled, you'll first enter your username and password. Then, you'll need to provide at least one additional form of verification before being granted access. Forms of verification typically fall into three categories:
- Something you know (like a password)
- Something you have (like your phone)
- Something you are (like your fingerprint)
What are common types of MFA?
- OTP Email: A one-time password is sent to the account email address
- Text messages (SMS): A code is sent to your phone
- Authenticator apps: Generate temporary codes on your smartphone
- Security keys: Physical USB devices you plug into your computer
- Biometrics: Fingerprints, face scans, or voice recognition
- Push notifications: Approve login requests through a mobile app
MFA significantly increases account security. Even if someone steals your password, they still can't access your account without the second verification method.