Multi-factor authentication (MFA) requires two or more independent factors from different categories: something you know (a password or PIN), something you have (a hardware security key, an authenticator app, or a phone that receives a one-time code), and something you are (a biometric such as a fingerprint or face). Two factors from the same category, such as a password plus a security question, do not count as MFA.
Why it matters
- Stops credential-stuffing and password brute-force attacks outright, because a stolen or guessed password alone no longer grants access. Against phishing the protection depends on the factor: SMS codes, TOTP codes and push approvals can be relayed in real time by an adversary-in-the-middle phishing site, whereas FIDO2/WebAuthn credentials are bound to the legitimate site's origin and cannot be.
- Required by many compliance frameworks: PCI DSS 4.0 mandates MFA for all access into the cardholder data environment, and Cybersecurity Maturity Model Certification (CMMC) inherits the NIST SP 800-171 requirement (3.5.3) for MFA on privileged accounts and on network access to all accounts.
Implementation guidance
- Prefer phishing-resistant methods: FIDO2/WebAuthn with hardware security keys or platform authenticators (passkeys). Where those are not yet available, use an authenticator app (TOTP) rather than SMS or voice codes, and enable number matching on push prompts to blunt push-fatigue attacks.
- Enrol at least two factors per user and issue one-time recovery codes to be stored offline, so a lost phone does not block work. Make the recovery path at least as strong as the factor it replaces: a help-desk reset that only needs a caller's name and date of birth is the bypass attackers look for.
- Enforce MFA on privileged accounts first (domain, cloud and identity-provider administrators), then expand company-wide, enforcing the policy at the identity provider so that every application behind SSO inherits it rather than relying on per-app settings.
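Why FIDO2/WebAuthn resists the phishing that defeats one-time codes comes down to a few checks the relying party performs on every assertion. The block below is an added example, not code from the original page or from any WebAuthn library: it implements the binding checks from the WebAuthn assertion verification procedure (ceremony type, per-ceremony challenge, origin, RP ID hash and the user-presence flag) and builds constructed `clientDataJSON` and `authenticatorData` samples to show a genuine login passing and a look-alike phishing origin failing. The function and sample names are this example's own; the final step, verifying the authenticator's signature over `authenticatorData || SHA-256(clientDataJSON)` with the stored credential public key, is left to a library and only described in a comment.

```python
import base64
import hashlib
import hmac
import json
import secrets
import struct
from typing import Optional


def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def new_challenge() -> bytes:
    """Fresh random challenge per ceremony; the server stores it and looks it up on reply."""
    return secrets.token_bytes(32)


def verify_assertion_bindings(client_data_json: bytes, authenticator_data: bytes,
                              expected_challenge: bytes, rp_id: str,
                              allowed_origins: set) -> Optional[str]:
    """Return None when the binding checks pass, otherwise the reason for rejection.

    These checks are what make the factor phishing-resistant: the browser, not the
    user, fills in the origin, and the authenticator signs over the RP ID hash, so a
    relay through another domain cannot produce an assertion this function accepts.
    The signature over authenticator_data + SHA-256(client_data_json) must still be
    verified afterwards with the credential's public key (e.g. via the cryptography
    package); that step is not shown here.
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return "wrong ceremony type"
    if not hmac.compare_digest(b64url_decode(cd.get("challenge", "")), expected_challenge):
        return "challenge mismatch (replay or wrong session)"
    if cd.get("origin") not in allowed_origins:
        return "origin %r is not an allowed origin" % cd.get("origin")
    if len(authenticator_data) < 37:
        return "authenticatorData too short"
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return "rpIdHash does not match the relying party"
    flags = authenticator_data[32]
    if not flags & 0x01:          # bit 0 = user present (UP); bit 2 = user verified (UV)
        return "user presence (UP) flag not set"
    return None


def signed_data(client_data_json: bytes, authenticator_data: bytes) -> bytes:
    """The byte string the authenticator actually signs."""
    return authenticator_data + hashlib.sha256(client_data_json).digest()


def make_auth_data(rp_id: str, flags: int = 0x05, sign_count: int = 1) -> bytes:
    """Constructed authenticatorData: rpIdHash || flags || signCount (big-endian uint32)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def make_client_data(challenge: bytes, origin: str) -> bytes:
    """Constructed clientDataJSON as a browser would build it for the given origin."""
    return json.dumps({"type": "webauthn.get",
                       "challenge": b64url_encode(challenge),
                       "origin": origin}).encode()


def demo():
    """Genuine login versus a look-alike phishing origin relaying the same challenge."""
    rp_id = "example.com"                       # assumed relying party for the example
    origins = {"https://login.example.com"}
    challenge = new_challenge()
    auth = make_auth_data(rp_id)
    genuine = verify_assertion_bindings(
        make_client_data(challenge, "https://login.example.com"), auth, challenge, rp_id, origins)
    # A phishing page at login-example.co forwards the real challenge, but the victim's
    # browser records its own origin in clientDataJSON and the check fails. (A real browser
    # would also refuse RP ID "example.com" from that origin, so rpIdHash would differ too.)
    phished = verify_assertion_bindings(
        make_client_data(challenge, "https://login-example.co"), auth, challenge, rp_id, origins)
    return genuine, phished


if __name__ == "__main__":
    print(demo())   # (None, "origin 'https://login-example.co' is not an allowed origin")
```

Contrast this with the TOTP flow: a one-time code carries no information about where it was entered, so the server cannot tell a relayed code from a genuine one. Here the origin and RP ID are part of what is checked and signed, which is the property the term "phishing-resistant" refers to.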
Related terms
- Authentication vs Authorization: Authentication verifies who you are, while authorization determines what you can do.
- FIDO2: An open authentication standard that enables passwordless and phishing-resistant login using hardware security keys or platform authenticators.
- Identity and Access Management (IAM): The policies and technologies used to verify identities, govern permissions, and log access across systems.
- Kerberos: A network authentication protocol that uses secret-key cryptography and trusted third parties to verify user and service identities without transmitting passwords.
- LDAP (Lightweight Directory Access Protocol): An open, vendor-neutral protocol for accessing and maintaining distributed directory services over a network.
- OAuth (Open Authorization): An open standard for delegated access authorization that allows applications to access user resources without exposing credentials.