Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more independent verification factors before gaining access to a system or application. These factors typically fall into three categories: something you know (password or PIN), something you have (security token, smartphone, or smart card), and something you are (fingerprint, facial recognition, or other biometrics).
MFA is one of the most effective controls against credential-based attacks, significantly reducing the risk of unauthorised access even when passwords are compromised. It is mandated or strongly recommended by virtually every security framework and regulation, including ISO 27001, NIS2, DORA, and PCI DSS, and is considered a baseline security requirement for access to sensitive systems and data.