Multi-Factor Authentication (MFA)
A security method requiring two or more independent forms of verification before granting account access, making stolen passwords alone insufficient for attackers.
Also known as: Two-Factor Authentication, 2FA, Two-Step Verification
Last reviewed: 10 June 2026
Multi-factor authentication requires users to verify their identity using at least two distinct factors: something you know (a password or PIN), something you have (a phone or hardware key), or something you are (a fingerprint or face scan). Because an attacker who steals your password still lacks the second factor, MFA dramatically reduces the risk of account takeover even after a data breach.
From a consumer-protection standpoint, enabling MFA on banking, email, and social-media accounts is one of the highest-impact security steps anyone can take. Scammers routinely attempt to bypass or defeat MFA rather than brute-force it, so understanding how your MFA works is as important as having it enabled.
Not all MFA is equally secure. SMS-based codes are the most common but the most vulnerable to SIM-swapping and interception attacks. Authenticator apps and hardware security keys offer substantially stronger protection and are recommended for high-value accounts.