Also called: "two-factor authentication", "2FA"
MFA requires two or more independent factors: something you know (password), something you have (hardware key, authenticator app), or something you are (biometrics).
Why it matters
- Stops most credential-stuffing, phishing, and brute-force attacks.
- Required for many compliance frameworks, including PCI DSS and Cybersecurity Maturity Model Certification (CMMC).
Implementation guidance
- Prefer phishing-resistant methods like FIDO2 keys or WebAuthn.
- Offer backup factors so productivity is not blocked.
- Enforce MFA on privileged accounts first, then expand company-wide.
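The three guidance points above can be turned into an enrollment audit. The following is an added example, not code from this page: the factor labels, the account records, and the rule that a backup means at least two enrolled second factors are all assumptions made for illustration.

```python
# Added example: audit second-factor enrollment against the guidance above.
# Factor labels and account records are constructed for illustration.
PHISHING_RESISTANT = {"fido2", "webauthn"}

# Constructed inventory: "factors" lists second factors enrolled besides the password.
SAMPLE_ACCOUNTS = [
    {"user": "carol", "privileged": False, "factors": ["sms", "totp"]},
    {"user": "root-admin", "privileged": True, "factors": []},
    {"user": "bob", "privileged": False, "factors": ["WebAuthn"]},
    {"user": "alice", "privileged": True, "factors": ["fido2", "totp"]},
    {"user": "svc-deploy", "privileged": True, "factors": ["totp"]},
    {"user": "dave", "privileged": False, "factors": []},
]


def audit(accounts):
    """Return one finding per non-compliant account, most urgent first."""
    findings = []
    for acct in accounts:
        factors = {f.strip().lower() for f in acct.get("factors", [])}
        issues = []
        if not factors:
            issues.append("no MFA enrolled")
        else:
            if not factors & PHISHING_RESISTANT:
                issues.append("no phishing-resistant factor")
            if len(factors) < 2:
                issues.append("no backup factor")
        if issues:
            findings.append({
                "user": acct["user"],
                "privileged": bool(acct.get("privileged")),
                "issues": issues,
            })
    # Privileged accounts first, then accounts with no MFA at all, then by name.
    findings.sort(key=lambda f: (not f["privileged"],
                                 "no MFA enrolled" not in f["issues"],
                                 f["user"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ACCOUNTS):
        tier = "privileged" if f["privileged"] else "standard"
        print(f"{f['user']:<12} {tier:<11} {'; '.join(f['issues'])}")
```

The sort order mirrors the rollout advice: privileged accounts with gaps are listed before any standard account.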
Explore More Identity & Access Management
- Authentication vs Authorization: Authentication verifies who you are, while authorization determines what you can do.
- Identity and Access Management (IAM): The policies and technologies used to verify identities, govern permissions, and log access across systems.
- Privileged Access Management (PAM): A framework for securing and auditing accounts with elevated permissions, such as admins, service accounts, and break-glass users.
- Session Management: The process of securely maintaining user state and authentication across multiple HTTP requests.