Multi-Factor Authentication (MFA)
MFA requires two or more verification factors to prove identity.
Updated: 2026-03-05
Definition
Multi-Factor Authentication (MFA) strengthens login security by requiring at least two different factor types: something you know (password/PIN), something you have (phone/token), or something you are (biometrics).
It reduces the risk of account takeover when passwords are leaked, reused, or phished.
Key points
- 2FA is a subset of MFA (exactly two factors)
- App-based TOTP or hardware keys are usually stronger than SMS
- MFA improves security but does not eliminate phishing
Common mistakes
- Thinking MFA always means SMS codes (it can be TOTP, push, or hardware keys).
- Assuming MFA makes phishing impossible (attackers can still trick users or bypass weak flows).
Related exams
CompTIA Security+ (SY0-701)
Microsoft Azure Fundamentals (AZ-900)
AWS Certified Solutions Architect – Associate (SAA-C03)