Multi-factor authentication
Guardsquare recommended technique
| Technique summary | |
| --- | --- |
| Technique | Multi-factor authentication (MFA, sometimes 2FA) |
| Against | Clipboard attack, SMS attacks |
| Limitations | None |
| Side effects | None |
| Recommendations | Recommended for use |
Multi-factor authentication (MFA), or two-factor authentication (2FA), is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. For example, these two factors can be the user's password and a one-time password generated with a third-party authenticator app.
A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.
To make the MFA resilient to SMS attacks, none of the factors should be an SMS text received on the user's device.
Note that the TPA can still be vulnerable to other attacks, such as malicious accessibility services.