Truly popularized in the mid-2000s, multi-factor authentication (MFA) has been security practitioners’ go-to response whenever someone asks, “what can I be doing right now to protect my data and accounts?” It’s often listed as a default best practice to defend against many cyber attacks and attack vectors such as phishing, business email compromise (BEC), keystroke logging, brute force, and certain types of man-in-the-middle (MiTM) attacks. Recent events, however, have called into question MFA’s capabilities to...