Multi-factor authentication (MFA) is a security control that requires users to provide multiple forms of authentication in order to access a system or resource. The idea behind MFA is to make it more difficult for an attacker to gain unauthorized access to a system by requiring them to possess multiple forms of authentication rather than just a single password.

There are several types of MFA that can be used, and they can be grouped into three general categories: something the user knows (e.g., a password or PIN), something the user has (e.g., a security token or smartcard), and something the user is (e.g., a fingerprint or facial recognition).

The most common form of MFA is two-factor authentication (2FA), which requires two forms of authentication. A widely adopted form of 2FA is using a password and then having a text sent to your phone as a second factor.

For example, when a user attempts to log into a system, they would first be prompted to enter their username and password. Once this information is entered, an authentication code would be sent to the user’s phone via SMS or a mobile app, which the user would then be prompted to enter. Only after both the username and password, and the authentication code have been verified as correct, would the user be granted access to the system.

Using MFA helps to ensure that even if an attacker is able to obtain a user’s password, they will not be able to access the system without also having possession of the second form of authentication.