Multi-factor authentication requires more than one independent kind of proof so a password alone is not enough to log in.
Multi-factor authentication, usually shortened to MFA, requires more than one independent type of proof during login. In plain language, it means a password alone is not enough. The user must also provide another factor, such as a hardware key, biometric check, or one-time code.
MFA matters because passwords are frequently stolen, guessed, reused, or phished. Requiring an additional factor makes it much harder for someone to take over an account with only a password or one compromised secret.
It also matters because not all accounts carry the same risk. Administrator accounts, remote access paths, and identity-provider logins are especially sensitive. MFA is one of the most widely used controls for reducing the likelihood that one credential theft event becomes a larger breach.
MFA appears in workforce SSO, VPN access, cloud administration, password reset flows, privileged operations, and customer logins. Some organizations require MFA on every login, while others trigger it based on device trust, risk signals, or the sensitivity of the resource being accessed.
Security teams also rely on MFA in incident response and recovery. When an account shows suspicious behavior, stronger factor requirements can reduce abuse while access is being reviewed.
An employee enters a username and password for the company identity provider, then confirms the login with a hardware-backed device prompt. If the password had been stolen through phishing, the attacker would still need the second factor to complete the authentication attempt.
MFA does not simply mean “two screens during login.” The important idea is that the factors are different and independent. Entering two passwords is still not multi-factor authentication.
It is also different from Single Sign-On. SSO lets one authenticated session reach multiple applications. MFA strengthens the proof of identity during that login. The two are often used together, but they solve different problems.