Multi-Factor Authentication (MFA)

What MFA actually is

Multi-factor authentication (MFA) means you need two things to sign in:

• Something you know (your password)
• Something you have (your phone, an app, or a security key)

Even if someone steals your password, they usually can’t get past the second step.

What MFA looks like in real life

1. You enter your email and password.
2. The site asks for a code or approval.
3. You open an app or receive a prompt on your phone.
4. You approve the sign-in.

This usually takes less than 10 seconds.

Common MFA methods (strongest to weakest)

• Authenticator apps (recommended)
• Push notifications
• Text messages (SMS)
• Hardware security keys

Accounts you should protect first

• Email accounts
• Banking and payment accounts
• Cloud storage
• Social media

Simple setup checklist

1. Enable MFA on your email account first.
2. Use an authenticator app instead of SMS if possible.
3. Save backup codes offline.
4. Add MFA to financial and work accounts next.