MFA (Multi-Factor Authentication) - What it is and the safest ways to use it

MFA (Multi-Factor Authentication)

What it is

Multi-Factor Authentication (MFA) adds an extra check when you sign in, so it is not just a password. You confirm with something you know (password) plus something you have or are. For a short primer, see our MFA explainer.

Why it matters

If a password leaks, MFA is the speed bump that stops account takeovers. It is one of the highest impact, lowest effort protections you can turn on today.

How it works - quick tour

  • Password + one more factor to prove it is really you

  • Something you have: phone code, authenticator app, hardware key

  • Something you are: fingerprint or face on a trusted device

  • Step-up prompts for risky logins, new devices, or unusual locations

Good choices in order

  1. Hardware security key (phishing resistant)

  2. Passkeys or platform biometrics

  3. Authenticator app codes or push approvals

  4. SMS codes only if nothing else is available

Quick setup tips

  • Turn on MFA for email, banking, cloud storage, socials first

  • Prefer keys, passkeys, or app codes over SMS

  • Generate backup codes and store them safely offline

  • Add two sign-in methods so you are not locked out if a phone is lost

  • For teams: require MFA with SSO and review exceptions regularly

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Form-Based Authentication

        What it is Form-based authentication is the login box you see on most websites. A page asks for your username and password, then the app checks them and signs you in if they match. How it works - quick tour You enter credentials in a web form and ...

      • Data Execution Prevention

        What it is Data Execution Prevention (DEP) is a Windows safety net that stops code from running in places it shouldn’t—like the stack or heap. If malware tries to execute from those memory areas, Windows blocks it and shuts the app down instead of ...

      • Data Breach Prevention

        Why it matters Breaches drain money, trust, and time. Strong basics turn scary “what ifs” into non-events: a phish gets ignored, a stolen password is useless, a lost laptop holds only encrypted gibberish. The short, smart checklist MFA everywhere: ...

      • Security Software

        What it is Security software is a set of apps and services that protect your devices and data from hackers, malware, and mistakes. It covers tools like antivirus/anti-malware, firewalls, VPNs, email and web filters, intrusion detection/prevention, ...

      • Brute Force Attack

        What it is A brute force attack is password guessing on turbo. An attacker tries lots of combinations - sometimes millions - until one works. It’s not clever, just relentless, and it targets anything with a login or key: email, Wi-Fi, cloud apps, ...