MFA requires users to prove they are who they say they are by providing two or more pieces of evidence (factors) when they go to log in. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has (such as an authenticator app or security key) or that the user is (such as biometrics). By tying user access to multiple, different types of factors, it’s much more difficult for a cyber-villain to gain entry to your Salesforce environment. Even if a user’s password is stolen, the odds are incredibly low that an attacker can guess or impersonate another, a secondary factor that the user physically possesses.