MFA and/or 2FA are a step beyond the plain old password system.
When you “log in” to a site or service, you use a username (often your email address) and a password. MFA and/or 2FA (Multi-Factor Authentication or Two-Factor Authentication) adds an extra step to the process.
Why aren’t passwords enough?
Passwords for services and/or sites are vulnerable, and not just because people often use pet names and/or birth dates for them.
The rules forcing people to use a minimum of 8 characters, with at least 1 upper case, 1 lower case and 1 number, and sometimes even at least 1 special character, have long since (2017) been denounced by their author (Bill Burr). They are no longer considered the gold standard, as such passwords are too hard for humans to remember and comparatively easy for modern computers to “brute force.”
Another idea that’s long fallen from grace is that of forcing users to change their passwords regularly, as it tends to lead to far too many people putting the passwords on post-it notes stuck to their monitors… hardly good security!
The new gold standard for passwords is the “Pass Phrase”: for example, a line from a favourite song, poem or book. Pass phrases can be much longer, and thus harder for computers to crack, but at the same time much easier for the human who created them to remember.
So why this extra step?
Even if you have gold standard password practices, with a nice long pass phrase and a different one for every login you have (yes, every single one of them!), even if you haven’t got them stuck on notes on public display, and even if your computer has no malware infections, you have no control over how securely your password is kept at the other end. Microsoft, Apple, Sony, all the major telcos etc… have all had security breaches where user names and passwords were compromised. You can check to see if yours has been compromised here: https://haveibeenpwned.com
The beauty of MFA/2FA is that it doesn’t matter if someone knows your username and password because they still need to fulfil this extra step, either an SMS, an email or an authenticator app for example. So, while it’s a pain, it’s really the only way you can be secure in this increasingly uncertain world.
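How the extra step stops a login even when the password is already known, as an added example that is not part of the original page. It assumes the authenticator app uses the TOTP algorithm (RFC 6238) with the common defaults of 6 digits and a 30 second step; the account, pass phrase and shared secret are constructed sample values.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", unix_time // step)   # count of 30 s steps since the epoch
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash, so the site never stores the pass phrase itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account record, as the site would store it.
SALT = b"constructed-salt"
PASS_PHRASE = "a line from a favourite song"
ACCOUNT = {
    "user": "alice@example.com",
    "pw": pw_hash(PASS_PHRASE, SALT),
    "totp_secret": b"12345678901234567890",  # shared with the authenticator app at enrolment
}


def login(user: str, password: str, code, now: int, window: int = 1) -> bool:
    """Succeed only with the right password AND a code valid for the current time."""
    if user != ACCOUNT["user"]:
        return False
    if not hmac.compare_digest(pw_hash(password, SALT), ACCOUNT["pw"]):
        return False
    if code is None:                          # password alone is never enough
        return False
    for drift in range(-window, window + 1):  # tolerate one step of clock drift
        expected = totp(ACCOUNT["totp_secret"], now + drift * 30)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


if __name__ == "__main__":
    now = 59
    print(login("alice@example.com", PASS_PHRASE, None, now))   # leaked password only
    print(login("alice@example.com", PASS_PHRASE, totp(ACCOUNT["totp_secret"], now), now))
```

A code from an earlier or later time step outside the drift window is rejected as well, which is why a code someone captured stops working shortly afterwards.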



