← All glossary terms Glossary

What is Multi-Factor Authentication (MFA)?

A sign-in security control that requires something beyond a password — typically a phone, security key, or app prompt.

Multi-Factor Authentication (MFA) requires more than one form of evidence that you are who you say you are. The two most common combinations are password plus phone (text code or app prompt) or password plus hardware security key. MFA is the single most effective control against credential theft — the vast majority of account-takeover attacks fail when MFA is in place. Note that not all MFA is equal: phishing-resistant factors like FIDO2 security keys defeat attack patterns that simple SMS codes do not.

Keep learning

Related terms

Phishing

Fraudulent messages — by email, text, or phone — designed to trick someone into giving up credentials, money, or access to your systems.

Read definition →

Ransomware

Malicious software that encrypts your data and demands payment for the key — often combined with data theft and extortion.

Read definition →

Zero Trust

A security model that trusts no user or device by default — even inside the corporate network — and verifies every access request continuously.

Read definition →

Vulnerability Management

The ongoing process of finding, prioritizing, and fixing security weaknesses in your systems before attackers exploit them.

Read definition →

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team