What is Multi-Factor Authentication?

An authentication mechanism that requires users to present two or more independent verification factors before access is granted: something you know (password), something you have (hardware token or authenticator app), or something you are (biometric). MFA is one of the most effective single controls against account compromise, blocking over 99% of automated credential-stuffing and phishing attacks. Penetration tests routinely assess MFA implementations for bypass vulnerabilities such as OTP interception and SIM swapping.

Related terms