What is multifactor authentication (MFA)?
Multifactor authentication means that when we log in to an online account, platform, or service, we are asked for more than just our username and password. We’re also asked for an additional piece of information – usually a short code. Without that extra step, we can’t log in.
When you log into your online bank account and your bank sends you a code by SMS to verify your identity, that is a type of MFA. Or when a social media platform detects that you are logging in from a new country or a new computer and, in order to verify that it's really you, sends you a code by email – that is also a type of MFA.
Why is multifactor authentication needed?
Since the dawn of the internet, passwords have been the main method to protect access to our online accounts.
But passwords alone have proved insufficient, and accounts are breached all the time. Sometimes, passwords get leaked because the website or platform has poor security practices, and an attacker simply buys passwords on the black market to log into our accounts. In other cases, our passwords are simply too weak – too short or too obvious – and attackers can "brute force" them by trying possible passwords one after another until they hit the right one. Or, in another common scenario called "phishing", attackers trick us into entering our passwords into fake webpages, allowing them to capture our credentials and compromise our accounts.