The Elephant in the Room: How Multi-Factor Authentication Came About
First published: Saturday October 4th, 2025
Report this blog
Notes (PLEASE READ THESE BEFORE READING THE ACTUAL CONTENT OF THE BLOG):
1. I am not sure if this is what the creator of MFA would actually say or think; I simply decided to write this because I was getting annoyed with MFA.
2. This blog is presented from the perspective of the "creator" of MFA, so the first-person pronouns do not refer to myself.
Hello everyone, welcome to this talk on the subject of Multi-Factor Authentication, also called MFA. So, a lot of you have probably encountered MFA at least once in your lives, and you probably can relate yourself grabbing your phone and typing in verification codes or whatever, just to be able to log into your favorite websites, be it social media, entertainment, or pretty much anything else.
Well, if you’ve had this for long enough, you might be getting annoyed with it, thinking, “why do I need this annoying verification stuff if there’s already a password verification happening?” And I’m here to tell you: they’re supposed to make your account safer and less prone to malicious attackers out there. “And what’s the point of that,” you ask, “aren’t we already pretty safe with passwords all over the place? On top of that, I haven’t seen any hackers in my entire life!” Okay, listen, you might not have seen hackers, but they do exist. And they’re super smart. Heck, maybe they’re the smartest people in the world! It really seems that the smartest people are the most evil ones!
All right, that was a bit off-topic. But what I’m trying to say is, passwords alone aren’t safe enough. Actually, they’re far from safe. You see, in the early days of the internet, smart hackers devised many different ways to hack their way into password-protected accounts: brute-force, guessing common combinations, modifying passwords to whatever they want… you name it. So to solve that problem and stop hackers from easily bypassing password protection, we invented what’s now called Multi-Factor Authentication.
Okay, so “multi” means “two or more”. Actually, at first, there was only the so-called “Two-Factor Authentication” or TFA, which as the name suggests only requires two factors: a password, and a verification code or something from a different source, like a message on your phone or your email. When it first came about, TFA worked pretty well. But what happened next? Well, you guessed it, hackers got even smarter and managed to hack their way into TFA protected accounts. And that’s why we introduced Multi-Factor Authentication, to make it even harder for hackers to get their things done.
All right. Do you think the story is over? Do you think MFA is completely safe from hackers? If you think so, you’d be pretty naive. They are still far from being completely safe. Sure, our security measures are getting better. But at the same time, the hackers are getting better, too. They’ve been devising ways to bypass MFA protection since day one of its introduction. And as cybersecurity experts, we are always committed to protecting the innocent general public against these malicious hackers.
Now for the really bad news. To be able to protect people against evil minds, we have to make things a bit more annoying to everyone. We didn’t want to do it – no one wanted to do it. But that’s what we have to do, because of the human nature of being evil, selfish, and greedy. And as hackers continue to get better, we will have to introduce ever more complex and possibly annoying things to you, just to keep those intruders at bay. I hope you can understand, but even if you don’t, MFA isn’t going anywhere anytime soon. Unless human nature gets better, of course, and everyone wishes to make ethical choices right from their birth. But all that looks like a pipe dream right now.
Thank you.