What is multifactor?
Multifactor (often called multifactor authentication or MFA) is a security method that requires you to prove who you are using two or more different types of evidence before you can access an account or system.
Let's break it down
There are three main kinds of factors:
- Something you know (a password, PIN, or answer to a secret question)
- Something you have (a phone, hardware token, or smart card)
- Something you are (a fingerprint, face scan, or voice pattern)
MFA works by asking for at least two of these, so even if one factor is stolen, the attacker still can’t get in.
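The rule that the proofs must come from different kinds of factor can be enforced in code. The sketch below is an added example, not code from this page: it assumes a password and PIN as "know" factors and an authenticator-app code (TOTP, RFC 6238) as the "have" factor, and every function name and the sample account are hypothetical and constructed for illustration.

```python
import hashlib, hmac, struct, time

KNOW, HAVE = "something you know", "something you have"

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def check_secret(field):
    def verify(user, value, now):
        return hmac.compare_digest(kdf(value, user["salt"]), user[field])
    return verify

def check_totp(user, value, now):
    # Accept one step either side of "now" to tolerate clock drift.
    return any(
        hmac.compare_digest(totp(user["totp_key"], now + d * 30).encode(), value.encode())
        for d in (-1, 0, 1))

# Each accepted proof is tagged with the factor kind it belongs to.
VERIFIERS = {
    "password": (KNOW, check_secret("pw_hash")),
    "pin": (KNOW, check_secret("pin_hash")),
    "totp": (HAVE, check_totp),
}

def authenticate(user, proofs, now=None):
    """True only if every proof verifies AND they span two factor kinds."""
    now = time.time() if now is None else now
    kinds = set()
    for name, value in proofs.items():
        if name not in VERIFIERS:
            return False
        kind, verify = VERIFIERS[name]
        if not verify(user, value, now):
            return False
        kinds.add(kind)
    return len(kinds) >= 2  # password + PIN is still a single factor

# Constructed sample account (values are made up for the example).
SALT = b"constructed-salt"
USER = {"salt": SALT, "pw_hash": kdf("correct horse", SALT),
        "pin_hash": kdf("4821", SALT), "totp_key": b"12345678901234567890"}
```

A password plus a PIN is rejected here even though both are correct, because both are things you know.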
Why does it matter?
Because passwords alone are easy to guess, steal, or reuse, adding extra factors makes it much harder for hackers to break in. This protects personal data, financial information, and corporate resources from unauthorized access.
Where is it used?
- Online banking and payment services
- Email providers (e.g., Gmail, Outlook)
- Social media platforms (e.g., Facebook, Twitter)
- Corporate VPNs and remote work tools
- Cloud services (e.g., AWS, Azure, Google Cloud)
- Government and healthcare portals
Good things about it
- Significantly stronger security than passwords alone
- Helps meet regulatory and compliance requirements
- Reduces the impact of data breaches
- Gives users confidence that their accounts are protected
- Can be implemented with low‑cost options like SMS codes or authenticator apps
Not-so-good things
- Adds extra steps, which some users find inconvenient
- Requires a second device that can be lost, stolen, or run out of battery
- May be harder to use for people with disabilities or limited tech access
- Some methods (like SMS) can be vulnerable to SIM‑swap attacks
- Implementation and maintenance can increase costs for organizations