MFA
Definition
Multi-Factor Authentication (MFA): a security method that requires two or more verification methods. It is like needing both a key and a fingerprint to open a safe.
Use Cases
- Google: Protecting employee accounts and reducing account takeover risk — Google has long required stronger sign-in protections for many users, including multi-factor authentication and security keys through its BeyondCorp and account security programs. (Google has publicly reported that security keys were highly effective in preventing phishing-based account takeovers for employee accounts.)
- Microsoft: Securing enterprise identities in Microsoft 365 and Azure environments — Microsoft recommends and enables MFA through Microsoft Entra ID for administrators and end users, often using authenticator apps, push notifications, or FIDO2 security keys. (Microsoft has stated that enabling MFA blocks the vast majority of password-based account compromise attempts.)
- GitHub: Protecting developer accounts and software supply chains — GitHub rolled out mandatory MFA for code contributors and maintainers using authenticator apps, security keys, or other supported second factors. (This improves account security for developers and helps reduce the risk of unauthorized access to repositories and software release pipelines.)
Provider Equivalents
- AWS: AWS Identity and Access Management (IAM) MFA
- Azure: Microsoft Entra ID Multi-Factor Authentication
- GCP: Google Cloud Identity and Google Workspace 2-Step Verification
- OCI: Oracle Cloud Infrastructure Identity and Access Management MFA
Frequently Asked Questions
- What's the difference between MFA and 2FA?
  2FA, or two-factor authentication, is a type of MFA. MFA means using two or more verification factors, while 2FA specifically means exactly two. For example, a password plus a code from an authenticator app is 2FA and also MFA. If a system requires three checks, such as a password, phone approval, and fingerprint, that is MFA but not 2FA.
- When should I use MFA?
  You should use MFA anywhere account security matters, especially for email, banking, cloud admin accounts, VPN access, developer tools, and systems with customer or company data. It is especially important for privileged users such as administrators, finance staff, and developers. In cloud environments, MFA should be enabled by default for all human users and strongly enforced for admin access.
- How much does MFA cost?
  The cost depends on the method and platform. Many cloud identity platforms include basic MFA features in existing subscriptions. Authenticator apps are often free, while SMS may create telecom costs. Hardware security keys usually require a one-time purchase per user. Advanced MFA features such as conditional access, risk-based policies, and detailed reporting may require higher-tier identity or security licenses.
Category: security
Difficulty: intermediate