Multi-factor authentication, or MFA, is a way of proving who you are using more than just a password. People often use the term interchangeably with two-factor authentication, or 2FA, since both involve adding a second step to logging in. The goal is to combine something you know (like a password) with something you have (like your phone) or something you are (like a fingerprint).
Behind the scenes, one of the most common methods uses time-based codes. When you use an app like Google Authenticator, your phone and the server both have a shared secret. They use that secret and the current time to generate a short code that changes every 30 seconds. When you enter the code, the server checks if it matches what it expects. If it does, you’re allowed in.
There are other types too, like push notifications, text messages, or physical keys. The reason this matters is because MFA is one of the best tools we have right now to protect accounts. Even if someone gets your password, that second layer can stop them cold. It's simple, but powerful.
