Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.2.3. Multi-Factor Authentication (MFA)
💡 First Principle: MFA requires multiple forms of identity verification, dramatically reducing the risk of compromised credentials. Even if a password is stolen, the attacker lacks the second factor.
Scenario: All users have smartphones. You need to implement MFA without additional hardware costs.
MFA Methods and Costs
| Method | Requirements | Additional Cost |
|---|---|---|
| Microsoft Authenticator app | Smartphone | None |
| SMS verification | Phone with SMS | None |
| Voice call verification | Phone | None |
| OATH software tokens | Third-party app | Third-party license |
| OATH hardware tokens | Physical token | Token purchase |
| FIDO2 security keys | Hardware key | Key purchase |
| Windows Hello for Business | Windows device | None (Windows only) |
⚠️ Exam Trap: Thinking all MFA methods are equal in security. SMS is vulnerable to SIM-swapping attacks. For high-security scenarios, use phishing-resistant methods like FIDO2 keys or Windows Hello for Business.
Implementing MFA
- Per-User MFA: Legacy method, enabled per user
- Conditional Access MFA: Recommended, policy-based approach
- Security Defaults: Free, basic MFA for all users (good starting point)
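As an added example (not code from the original page), the following Microsoft Graph PowerShell script creates the recommended Conditional Access policy: require MFA for all users on all cloud apps, deployed in report-only state first so the sign-in logs can be checked before enforcement. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in administrator can consent to the Policy.ReadWrite.ConditionalAccess scope; the emergency-access account object ID is a placeholder.

```powershell
# Added example: build a Conditional Access policy that requires MFA for
# all users on all cloud apps. Assumes the Microsoft.Graph SDK is installed
# (Install-Module Microsoft.Graph) and the caller holds an admin role.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of the emergency-access (break-glass) account,
# which is excluded so a misconfigured policy cannot lock every admin out.
$breakGlassAccountId = "<object-id-of-emergency-access-account>"

# Set to $true to accept only phishing-resistant methods (FIDO2 keys,
# Windows Hello for Business) instead of any registered MFA method.
$requirePhishingResistant = $false

if ($requirePhishingResistant) {
    # Look up the built-in "Phishing-resistant MFA" authentication strength by name
    # rather than hard-coding its ID.
    $strength = Get-MgPolicyAuthenticationStrengthPolicy |
        Where-Object { $_.DisplayName -eq "Phishing-resistant MFA" }
    $grant = @{ operator = "OR"; authenticationStrength = @{ id = $strength.Id } }
} else {
    # "mfa" is satisfied by any method the user has registered (Authenticator, SMS, voice, ...).
    $grant = @{ operator = "OR"; builtInControls = @("mfa") }
}

$policy = @{
    displayName = "CA001: Require MFA for all users"
    # Report-only first; switch to "enabled" after reviewing the sign-in logs.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassAccountId)
        }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = $grant
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state '$($created.State)'"
```

Review the report-only results in Entra sign-in logs (the Conditional Access tab shows which sign-ins would have been blocked) before changing the state to enabled.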
Written by Alvin Varughese (Founder, 15 professional certifications)