What is MFA (Multi-Factor Authentication)?
MFA protects sign-ins by requiring extra factors such as an authenticator app, device prompt, biometrics, or a security key.
What is MFA?
MFA (Multi-Factor Authentication) is an authentication approach that asks for more than one type of proof during sign-in. It reduces the chance that a stolen password alone can open an account.
Factor Types
MFA usually combines at least two of these groups: something the user knows, such as a password; something the user has, such as a phone, hardware key, or authenticator app; and something the user is, such as fingerprint or face recognition. TOTP apps, push approvals, and FIDO2/WebAuthn security keys are common options. SMS codes are still used, but SIM swap and phishing risks make them weaker.
Business Use and Risks
MFA is a key control for admin panels, email accounts, cloud consoles, VPN access, and financial operations. A rollout should define recovery codes, lost-device handling, required user groups, and session policies.
2FA is the most common two-factor form of MFA. OAuth2 does not itself define MFA, but an identity provider can require MFA during OAuth-based sign-in.
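The factor groups and rollout items above can be expressed as a sign-in policy check. The following is an added example, not code from any product or identity provider; the method names, the `Policy` fields, and the group names are assumptions made for illustration. It counts factor groups rather than methods, so a password plus a PIN does not pass.

```python
from dataclasses import dataclass

# Factor groups from the text: knows / has / is. Method names are illustrative.
CATEGORY = {
    "password": "knows", "pin": "knows",
    "totp": "has", "push": "has", "sms": "has", "security_key": "has",
    "fingerprint": "is", "face": "is",
}
WEAK = {"sms"}  # weaker per the text: SIM swap and phishing risk

@dataclass
class Policy:  # hypothetical policy shape for this example
    required_groups: frozenset   # user groups that must use MFA
    strict_groups: frozenset     # groups where weak methods do not count
    max_session_minutes: int     # re-prompt once the session is older

def evaluate(policy, user_groups, methods, session_age_minutes):
    """Return (decision, reason) for one sign-in or session check."""
    groups = set(user_groups)
    unknown = [m for m in methods if m not in CATEGORY]
    if unknown:
        return "deny", f"unknown method: {unknown[0]}"
    if not groups & policy.required_groups:
        return "allow", "mfa not required for this user"
    counted = set(methods)
    if groups & policy.strict_groups:
        counted -= WEAK          # e.g. SMS is ignored for admins
    # Two methods from the same group are still a single factor.
    categories = {CATEGORY[m] for m in counted}
    if len(categories) < 2:
        return "deny", "fewer than two factor groups"
    if session_age_minutes > policy.max_session_minutes:
        return "step_up", "session too old, re-prompt for MFA"
    return "allow", "mfa satisfied"

# Constructed sample policy: admins and finance need MFA, admins may not use SMS.
POLICY = Policy(frozenset({"admins", "finance"}), frozenset({"admins"}), 60)

if __name__ == "__main__":
    print(evaluate(POLICY, ["admins"], ["password", "pin"], 0))
    print(evaluate(POLICY, ["admins"], ["password", "sms"], 0))
    print(evaluate(POLICY, ["finance"], ["password", "sms"], 5))
    print(evaluate(POLICY, ["admins"], ["password", "security_key"], 90))
```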
Related Terms
2FA adds a second proof, such as an authenticator app, SMS code, or security key, on top of a password during sign-in.
OAuth 2.0: OAuth 2.0 is an authorization framework that allows third-party applications to access resources without the user's password.
Passkey: A passkey is a phishing-resistant sign-in method that uses a device-held private key plus biometric or PIN approval instead of passwords.
WebAuthn: WebAuthn is a web standard that lets browsers use security keys and passkeys for strong, passwordless authentication.
Zero Trust Security: Zero Trust continuously validates each user, device, and request by identity, context, and permission instead of trusting network location.