Multi-Factor Authentication (MFA)
A security mechanism requiring two or more forms of verification before granting access.
Full Definition
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to an account or system. The three authentication factor categories are: something you know (password), something you have (hardware token, authenticator app), and something you are (biometrics).

MFA significantly raises the cost of credential-based attacks: even if a threat actor obtains a user's password through a breach or phishing, they cannot log in without the second factor. However, MFA is not impenetrable: SIM swapping, MFA fatigue attacks (push notification spam), adversary-in-the-middle (AiTM) phishing, and session cookie theft can all bypass certain MFA implementations.

Infostealers that capture active session cookies effectively bypass MFA entirely, as the session is already authenticated. This highlights the importance of session management and short session lifetimes alongside MFA enforcement.
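The session-lifetime point above, as an added example that is not part of the original glossary entry: a server-side check that honours any presenter of a valid cookie, so only the lifetimes bound how long a copied cookie remains usable. The timeout values and the class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    EXPIRED_IDLE = "expired_idle"
    EXPIRED_ABSOLUTE = "expired_absolute"
    STEP_UP_MFA = "step_up_mfa"


@dataclass(frozen=True)
class SessionPolicy:
    # Illustrative values (assumptions), all in seconds.
    idle_timeout: int = 15 * 60
    absolute_lifetime: int = 8 * 3600
    mfa_max_age_sensitive: int = 5 * 60


@dataclass
class Session:
    session_id: str
    created_at: int       # when the password + MFA login completed
    last_seen: int        # last request that was allowed
    mfa_verified_at: int  # last time the second factor was checked


def check_session(s: Session, now: int, policy: SessionPolicy,
                  sensitive: bool = False) -> Decision:
    """Decide whether a presented session cookie is still honoured.

    The server cannot tell who presents the cookie, so a copied cookie
    passes exactly the same checks as the legitimate browser.
    """
    if now - s.created_at > policy.absolute_lifetime:
        return Decision.EXPIRED_ABSOLUTE
    if now - s.last_seen > policy.idle_timeout:
        return Decision.EXPIRED_IDLE
    if sensitive and now - s.mfa_verified_at > policy.mfa_max_age_sensitive:
        return Decision.STEP_UP_MFA  # ask for the second factor again
    s.last_seen = now  # sliding idle window
    return Decision.ALLOW


def replay_window(policy: SessionPolicy, login_at: int, stolen_at: int) -> int:
    """Upper bound in seconds on how long a cookie copied at stolen_at stays
    usable, assuming its holder keeps it active so the idle timeout never fires."""
    return max(0, login_at + policy.absolute_lifetime - stolen_at)
```

With the default policy, a cookie copied one hour after login stays usable for up to seven more hours; cutting the absolute lifetime to one hour removes that window.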
Related Terms
Account Takeover (ATO)
Unauthorized access to a user account by exploiting stolen credentials.
Phishing
A social engineering attack using deceptive emails or messages to steal credentials or deliver malware.
Session Hijacking
Taking over an authenticated user session by stealing the session token or cookie.
Credential Stuffing
Automated injection of stolen username/password pairs to gain unauthorized access to accounts.