MFA

Definition

Multi-Factor Authentication requires a user to present two or more independent proofs of identity: something they know (password), something they have (TOTP app, hardware key, phone), or something they are (biometric). MFA blocks the vast majority of credential-stuffing attacks and is mandatory on most admin and developer accounts.

When to use

See also

• SSO — Single sign-on — log in once with your identity provider and access many apps without re-authenticating.
• OAuth — Industry-standard delegation protocol — lets a user authorise an app to access their data without sharing a password.