What is multi-factor authentication?
Multi-factor authentication, or MFA, adds an extra check when someone signs in. Instead of relying only on a password, it asks for another proof such as an authenticator app, approval prompt, passkey, or security key.
Simple example
A user enters their password for Microsoft 365 and then approves the sign-in using an authenticator app.
Why it matters
MFA can stop many account takeovers even when a password has been guessed, reused, or stolen.
Common warning signs
- The activity is unexpected or unusual for the business context.
- The request or system behaviour creates pressure to act quickly.
- Normal approval, verification, or security processes are bypassed.
- There are signs of unauthorised access, data exposure, or system change.
- Staff are unsure whether the request, message, or system behaviour is legitimate.
Cyber Doc view
This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.
What to do
Proactive steps
- Enable MFA on email, cloud, banking, accounting, and admin accounts.
- Prefer authenticator apps, passkeys, or security keys over SMS where possible.
- Require MFA for administrators and remote access.
- Review MFA methods regularly.
- Train users not to approve unexpected prompts.
Reactive steps
- If an unexpected MFA prompt appears, deny it and report it.
- Change the account password if compromise is suspected.
- Review sign-in logs and MFA methods.
- Remove unknown recovery emails, phone numbers, or devices.
- Reset sessions for affected accounts where possible.
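As an added example (not from the Cyber Doc page, and not real Microsoft 365 log output), a short Python script that reviews constructed sample sign-in events for two signals tied to the steps above: a burst of denied MFA prompts, and a new MFA method registered soon after those denials. The log format, user names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "timestamp user event detail"
SAMPLE_LOG = """\
2024-03-01T08:00:05Z alice@example.test mfa_prompt denied
2024-03-01T08:00:40Z alice@example.test mfa_prompt denied
2024-03-01T08:01:10Z alice@example.test mfa_prompt denied
2024-03-01T08:01:55Z alice@example.test mfa_prompt approved
2024-03-01T08:02:30Z alice@example.test mfa_method_added phone
2024-03-01T09:15:00Z bob@example.test mfa_prompt approved
2024-03-01T09:20:00Z bob@example.test mfa_prompt denied
"""

def parse_log(text):
    """Turn the simplified log text into (timestamp, user, event, detail) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, event, detail = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, detail))
    return events

def find_prompt_fatigue(events, threshold=3, window=timedelta(minutes=5)):
    """Users who denied at least `threshold` prompts inside `window`.
    Repeated unexpected prompts suggest the password is already known to someone else."""
    flagged = set()
    denials = defaultdict(list)
    for ts, user, event, detail in events:
        if event == "mfa_prompt" and detail == "denied":
            denials[user].append(ts)
    for user, times in denials.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(user)
                break
    return flagged

def find_methods_added_after_denials(events, window=timedelta(minutes=30)):
    """A new MFA method registered within `window` of a denied prompt:
    worth checking against the 'remove unknown devices' step. Returns {user: method}."""
    last_denial, hits = {}, {}
    for ts, user, event, detail in sorted(events):
        if event == "mfa_prompt" and detail == "denied":
            last_denial[user] = ts
        elif event == "mfa_method_added" and user in last_denial and ts - last_denial[user] <= window:
            hits[user] = detail
    return hits
```

Running `find_prompt_fatigue(parse_log(SAMPLE_LOG))` flags alice but not bob, whose single denial is normal noise; the second check then shows alice gained a phone method minutes after the denials, which is the kind of entry the reactive steps say to review and remove.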
Related terms
- Password spraying
- Credential theft
- Passkeys