What is MFA (Multi-Factor Authentication)?

An authentication method that requires two or more verification factors — something you know, something you have, or something you are.

Full explanation

MFA blocks the overwhelming majority of credential-stuffing attacks. TOTP (for example, Google Authenticator), WebAuthn (passkeys), and hardware security keys are the three modern factors. SMS-based 2FA is still better than nothing but is vulnerable to SIM-swapping. Enforce MFA on every admin account, every cloud console, and every SaaS application that holds data.

Example

Signing in to GitHub requires a password plus a TOTP code. If your password leaks, the attacker still cannot authenticate without the second factor.
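
The two-factor check from this example, as added code (not GitHub's implementation and not part of the original page): a login succeeds only when both the password and an RFC 6238 TOTP code verify, and a code that was already accepted is rejected on replay. The account record, salt, password, and the `totp`/`login` names are constructed for illustration; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

# Constructed sample account. The secret is the RFC 6238 test key, not a real credential.
SALT = b"constructed-salt"
ACCOUNT = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_secret": b"12345678901234567890",
    "last_step": -1,  # last accepted time step, used to reject replayed codes
}

def totp(secret, step, digits=6):
    """RFC 6238 code for one time step (HOTP with counter = step, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the last nibble
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login(account, password, code, now, period=30, drift=1):
    """Return True only if the password AND a fresh TOTP code both verify."""
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(pw, account["pw_hash"]):
        return False  # first factor failed
    current = int(now) // period
    # Accept +/- `drift` steps to tolerate clock skew between client and server.
    for step in range(current - drift, current + drift + 1):
        if step <= account["last_step"]:
            continue  # this step (or a later one) was already used
        if hmac.compare_digest(totp(account["totp_secret"], step), code):
            account["last_step"] = step
            return True
    return False  # password was right, but the second factor was not
```

An attacker holding only the leaked password reaches the final `return False`; the replay guard means a code observed in transit cannot be reused once it has been accepted.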

FAQ

Is SMS MFA safe?

It is better than nothing, but SIM-swapping attacks make it the weakest form. Use TOTP or WebAuthn wherever possible.