Use multi-factor authentication when justified

Authentication is generally based on one of the three following things: something users know (e.g. password), have in their possession (e.g. a telephone), or that is part of them (e.g. fingerprint). Multi-factor authentication combines 2 or more identification methods.

Strong authentication ensures that the person identified is in fact that person. It makes impersonations, ID thefts, 'man in the middle' attacks etc., much more difficult.

Combining the password with a code sent by SMS or by app, or a 'USB Authentication key', are examples of multi-factor authentication.