Multi-Factor Authentication (MFA) is a login control that asks for more than one proof of identity before granting access. Typical factors include something you know, such as a password; something you have, such as an authenticator app, hardware key, or phone prompt; and something you are, such as a biometric check. By adding a second factor, MFA makes stolen passwords far less useful.
MFA matters in cyber security because password theft is common in phishing, credential stuffing, and malware-driven account theft. In real attacks, criminals often try to bypass MFA by stealing session cookies, tricking users with push fatigue prompts, abusing legacy protocols that do not enforce MFA, or taking over recovery methods and admin accounts. Defenders use MFA to protect email, VPNs, cloud consoles, and remote access, then monitor sign-ins for unusual locations, device changes, and repeated failures. Strong MFA is one of the most effective ways to reduce account takeover risk, especially for privileged users.
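The sign-in monitoring described above can be sketched as a small detection routine. This is an added example, not part of the original page: the event fields, the set of protocols treated as legacy, and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical event schema (not any vendor's log format).
FIELDS = ("ts", "user", "protocol", "mfa", "device", "country")
ROWS = [  # constructed sample sign-in events
    ("2024-05-01T09:00:00", "alice", "browser", "approved", "dev-a1", "DE"),
    ("2024-05-01T09:30:00", "alice", "browser", "denied", "dev-x9", "BR"),
    ("2024-05-01T09:31:00", "alice", "browser", "denied", "dev-x9", "BR"),
    ("2024-05-01T09:32:00", "alice", "browser", "denied", "dev-x9", "BR"),
    ("2024-05-01T09:33:00", "alice", "browser", "approved", "dev-x9", "BR"),
    ("2024-05-01T10:00:00", "bob", "imap", "not_required", "unknown", "US"),
    ("2024-05-01T11:00:00", "carol", "browser", "approved", "dev-c1", "US"),
    ("2024-05-01T12:00:00", "carol", "browser", "approved", "dev-c1", "US"),
]
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]

LEGACY = {"imap", "pop3", "smtp"}  # assumption: protocols treated as legacy


def review_signins(events, deny_threshold=3, window=timedelta(minutes=10)):
    """Return (user, finding) pairs in time order for three warning signs."""
    findings = []
    denials = defaultdict(list)  # user -> timestamps of denied MFA prompts
    known = defaultdict(set)     # user -> (device, country) pairs seen before
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        # Sign-in over a legacy protocol where MFA was never requested.
        if e["protocol"] in LEGACY and e["mfa"] == "not_required":
            findings.append((user, "legacy_protocol_without_mfa"))
        if e["mfa"] == "denied":
            denials[user].append(ts)
        elif e["mfa"] == "approved":
            # Several denials followed shortly by an approval fits push fatigue.
            recent = [t for t in denials[user] if ts - t <= window]
            if len(recent) >= deny_threshold:
                findings.append((user, "approval_after_repeated_denials"))
            denials[user].clear()
            # Successful sign-in from a device/country pair not seen before.
            pair = (e["device"], e["country"])
            if known[user] and pair not in known[user]:
                findings.append((user, "new_device_or_location"))
            known[user].add(pair)
    return findings


if __name__ == "__main__":
    for user, finding in review_signins(EVENTS):
        print(user, finding)
```

A finding here is a prompt for review rather than proof of compromise; a user who travels or replaces a phone will also trigger the new device or location check.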



