I’m going to mention some products and apps I use in this post. I am not affiliated with them and these should not be perceived as recommendations from my employer.

Let’s start with some definitions. MFA stands for multi-factor authentication, which you might also know as 2FA (two-factor authentication) or 2SV (two-step verification). With MFA, you sign in to an online account using your username and password, and then you have to enter a code from a text message, call, or app, or approve a push notification in an app. You might also plug in a security key — I have a couple of YubiKeys.

At first it feels inconvenient to have that extra step, but it stops attackers or bots from getting into your accounts if they have your password, because chances are they don’t have your phone, biometric data, or security key. You’ve probably seen simulated phishing emails as part of your IT training that try to trick you into typing your work account address and password into a website that will steal them. If you do unfortunately fall victim to this, MFA will protect you if someone tries to log in with your credentials. A commonly quoted statistic is that MFA will prevent about 99% of account breaches.