Multi-Factor Authentication (MFA)
A login flow that requires two or more independent factors (something you know, something you have, or something you are).
Common MFA factors are TOTP codes from an authenticator app, push notifications to a phone, hardware keys (YubiKey, biometric), and SMS codes (the weakest factor, vulnerable to SIM-swap attacks). MFA enforcement is mandatory for SOC 2 Type II at the identity provider level, and is increasingly required for buyer-vendor data sharing. Hardware-key MFA is the gold standard for administrative accounts.