What is multi-factor authentication (MFA)?
Answer
Multi-Factor Authentication (MFA) requires users to present two or more verification factors drawn from different categories:

(1) Something you know: a password, PIN, or security question.
(2) Something you have: a physical token, an authenticator app generating TOTP codes (e.g. Google Authenticator), an SMS one-time code, or a hardware security key (e.g. YubiKey).
(3) Something you are: biometrics such as a fingerprint or face recognition.

MFA dramatically reduces the risk of account compromise: even if a password is stolen, the attacker still needs the second factor. Not all second factors are equal. TOTP (Time-based One-Time Password) is more secure than SMS, which is vulnerable to SIM swapping, but both produce codes a user can be tricked into entering on a phishing page that relays them in real time. Hardware security keys (FIDO2/WebAuthn) are the most phishing-resistant MFA method, because the key signs a challenge bound to the legitimate site's origin and a phishing site cannot obtain a valid response. Organizations should require MFA for all privileged accounts, admin panels, and access to sensitive data.