When MFA is enabled, users must provide a verification method in addition to their username and password. MFA requires strong verification methods only — that is, methods that a user has in their possession