Multi-factor authentication (MFA).
In plain English
Multi-factor authentication, or MFA, requires more than just a password to log in, adding a second factor: something you have, like a code from an app or a hardware key, or something you are, like a fingerprint. Because an attacker would need both your password and that second factor, MFA blocks most account takeovers even when a password is stolen or guessed. Not all second factors are equal: codes from an authenticator app or a physical security key are stronger than codes sent by text, which can be intercepted through SIM swap fraud. Turning on MFA, especially for email and banking, is one of the highest-value security steps available.
01Why it matters
Passwords are regularly stolen in breaches, so MFA is what keeps a leaked password from becoming a lost account, making it one of the simplest and strongest protections for your money and email.
02The math, step by step
After entering your password, your bank asks for a code from an authenticator app. A thief who bought your password in a data breach still cannot get in without your phone and that app. Choosing app-based or hardware codes over text codes closes the SIM-swap gap.
03What this is NOT
It is not just a better password. MFA adds a separate second step beyond the password entirely, so even a fully compromised password is not enough on its own. A strong password and MFA do different jobs and work best together.
04Receipts
Every figure on this page is sourced to a primary document. Tap to open the original.