> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://auth0.com/feedback

```json
{
  "path": "/docs/secure/multi-factor-authentication",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

> Describes how multi-factor authentication (MFA) works in Auth0.

# Multi-Factor Authentication (MFA)

<Card title="Overview">
  Multi-factor Authentication (MFA) is another method of securing your application and your users' identities. MFA adds a layer of security during login that requires users to provide more than one credential to prove their digital identity. Factors can be:

  * Something you are - like a biometric
  * Something you know - like a password
  * Something you own - like a device

  Read this Q\&A to see if using MFA with your Auth0 instance is the right choice for you.
</Card>

## What is multi-factor authentication?

<Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=Multi-factor+authentication">Multi-factor authentication</Tooltip> (MFA) is a user verification method that requires more than one type of user validation. It prevents <Tooltip tip="Bad Actors: Entity (a person or group) that poses a threat to the business or environment with the intention to cause harm." cta="View Glossary" href="/docs/glossary?term=bad+actors">bad actors</Tooltip> from accessing an account even if they've acquired the username and password.

## Why use multi-factor authentication?

MFA reduces the likelihood of many types of cyber-attacks. It's common for third parties to steal user names and passwords or programmatically attack user accounts. An additional MFA factor, such as a thumbprint or one-time password, impedes these violations.

## How does multi-factor authentication work?

MFA works by requiring additional verification information (known as factors). Users can't log in using only user names and passwords. They must provide further proof of identity, such as face recognition or text message notifications.

## MFA factors

<Warning>
  MFA factors are subject to plan availability; some are only available on Professional and Enterprise plans. To learn more, read [Auth0 Pricing](https://auth0.com/pricing).
</Warning>

Auth0 supports a variety of MFA factors, including:

* Push notifications
* SMS notifications
* Voice notifications
* One-time passwords
* WebAuthn with security keys
* WebAuthn with device biometrics
* Email notifications
* Cisco Duo security
* Recovery codes

To learn more, read [Multi-Factor Authentication Factors](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors).

## Enable MFA

To learn how to enable MFA, read [Enable Multi-Factor Authentication](/docs/secure/multi-factor-authentication/enable-mfa).

## Customize MFA

You can also use [Auth0 Actions](/docs/customize/actions) to customize your MFA flow. You can require MFA only in specific circumstances or force use of a particular factor.

## Learn more

* [Multi-Factor Authentication Factors](/docs/secure/multi-factor-authentication/multi-factor-authentication-factors)
* [Enable Multi-Factor Authentication](/docs/secure/multi-factor-authentication/enable-mfa)
* [Customize Multi-Factor Authentication Pages](/docs/secure/multi-factor-authentication/customize-mfa)
* [Multi-Factor Authentication Developer Resources](/docs/secure/multi-factor-authentication/multi-factor-authentication-developer-resources)
* [Auth0 Guardian](/docs/secure/multi-factor-authentication/auth0-guardian)