Multi-Factor Authentication (MFA) is the “second step” when signing in that verifies you are who you say you are.
For example, imagine that your passwords are your key to get into a super secret bank vault (just like in the movies). MFA is like the eye scanner or palm reader that sits on the wall to make it harder for bad guys to get in.
Examples of MFA (ranked best to worst):
- Apps (like Microsoft Authenticator, Authy, Google Authenticator, Duo, etc.) which provide popup push notifications
- Apps (like those above) generating numeric codes, or hardware devices (like RSA or YubiKeys)
- SMS text messages sending you numeric codes
- Voice calls asking you to press # to approve
- Emails sending you a numeric code or a verification sign-in link
If possible, you should not use email as an MFA method, and preferably not SMS either. Use app-based or hardware-based options when available.