What is multi-factor authentication and why is it important?

Multi-factor authentication, or MFA, requires users to provide at least two different types of authentication factors before gaining access. Combining a password with a one-time code from a mobile authenticator app is MFA because it uses something you know and something you have. MFA dramatically reduces the risk of account compromise because an attacker must obtain multiple independent credentials. Even if a password is stolen through phishing, the attacker still needs the second factor. NIST SP 800-63B recommends MFA for all systems handling sensitive data.