What is MFA (Multi-Factor Authentication)?


MFA protects sign-ins by requiring extra factors such as an authenticator app, device prompt, biometrics, or a security key.

What is MFA?

MFA (Multi-Factor Authentication) is an authentication approach that asks for more than one type of proof during sign-in. It reduces the chance that a stolen password alone can open an account.

Factor Types

MFA usually combines at least two of these groups: something the user knows, such as a password; something the user has, such as a phone, hardware key, or authenticator app; and something the user is, such as a fingerprint or face recognition. TOTP apps, push approvals, and FIDO2/WebAuthn security keys are common options. SMS codes are still used, but SIM-swap and phishing risks make them a weaker option.

Business Use and Risks

MFA is a key control for admin panels, email accounts, cloud consoles, VPN access, and financial operations. A rollout should define recovery codes, lost-device handling, required user groups, and session policies.

2FA is the most common two-factor form of MFA. OAuth2 does not itself define MFA, but an identity provider can require MFA during OAuth-based sign-in.
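An application that relies on an identity provider can confirm that MFA actually took place by checking the claims it receives. The sketch below is an added example, not part of the original page: it assumes the provider issues an OpenID Connect ID token carrying the `amr` values from RFC 8176 and an `auth_time` claim, and that signature, issuer, audience and expiry were already validated. The function name, reason strings, sample claims and the 15-minute freshness limit are assumptions chosen for illustration.

```python
import time

# amr values from RFC 8176, mapped to the factor groups described under "Factor Types".
FACTOR_GROUP = {
    "pwd": "knows", "pin": "knows", "kba": "knows",
    "otp": "has", "hwk": "has", "swk": "has", "sc": "has", "sms": "has", "tel": "has",
    "fpt": "is", "face": "is", "iris": "is", "retina": "is", "vbm": "is",
}
WEAK_METHODS = {"sms", "tel"}  # SIM-swap exposure; treating these as weak is a policy choice


def check_mfa(claims, max_age_s=900, allow_weak=False, now=None):
    """Return (ok, reason) for ID token claims that were already validated."""
    now = time.time() if now is None else now
    amr = claims.get("amr")
    if not isinstance(amr, list) or not amr:
        return False, "amr_missing"
    # The summary value "mfa" is not counted: concrete methods are required here.
    known = [m for m in amr if m in FACTOR_GROUP]
    if len({FACTOR_GROUP[m] for m in known}) < 2:
        return False, "single_factor_group"  # e.g. password + PIN are both "knows"
    strong = {FACTOR_GROUP[m] for m in known if m not in WEAK_METHODS}
    if not allow_weak and len(strong) < 2:
        return False, "weak_second_factor"
    # Session policy: reject sign-ins whose authentication event is too old.
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)) or now - auth_time > max_age_s:
        return False, "auth_too_old"
    return True, "ok"


# Constructed claim sets for illustration, not captured from a real identity provider.
SAMPLES = {
    "password + security key": {"amr": ["pwd", "hwk"], "auth_time": 1_700_000_000},
    "password + PIN": {"amr": ["pwd", "pin"], "auth_time": 1_700_000_000},
    "password + SMS": {"amr": ["pwd", "sms"], "auth_time": 1_700_000_000},
    "stale password + TOTP": {"amr": ["pwd", "otp"], "auth_time": 1_699_990_000},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name}: {check_mfa(sample, now=1_700_000_300)}")
```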