What it is: A login security method that requires two or more factors.

What it’s for:

• Protect IAM users from password theft.
• Add stronger security for sensitive actions (can be enforced via IAM policy conditions).

Common MFA factors:

• Something you know: password
• Something you have: authenticator app / hardware token
• Something you are: biometrics

Key ideas:

• MFA is commonly enabled for IAM users (console access).
• You can require MFA for specific actions using policy *conditions*.

Exam cues:

• “secure root account” → enable MFA.
• “require MFA for deleting S3 buckets / changing IAM” → policy condition `aws:MultiFactorAuthPresent`.

Hard words (English + IPA + Vietnamese meaning):

• *multi-factor* /ˌmʌlti ˈfæktər/: đa yếu tố
• *authentication* /ɔːˌθentɪˈkeɪʃn/: xác thực
• *biometrics* /ˌbaɪoʊˈmetrɪks/: sinh trắc học
• *condition* /kənˈdɪʃn/: điều kiện