Multifactor authentication is a login control that requires two or more independent proofs of identity before access is granted. Common factors include something you know, such as a password; something you have, such as a hardware token or authenticator app; and something you are, such as a fingerprint. By combining factors, MFA makes stolen passwords much less useful to attackers.
MFA matters because credential theft is one of the most common paths into corporate systems, especially internet-facing portals, admin consoles, and vendor support platforms. In real attacks, criminals often try to bypass MFA through phishing, push fatigue, session theft, or by targeting weaker recovery processes. Defenders use MFA to reduce account takeover risk, protect privileged access, and add a second barrier when passwords are exposed. It is strongest when paired with phishing-resistant methods and careful monitoring for suspicious login attempts.