Minimizing MFA prompts should also be a key consideration. With modern adaptive MFA, second-factor challenges are surfaced only in riskier scenarios, such as when the login occurs off the corporate network.
Moreover, organizations can apply strict MFA policies for business-critical apps or privileged users, providing an effective layer of defense against spear-phishing attacks.
Finally, MFA can prevent man-in-the-middle attacks by ensuring that, if credentials are stolen in transit, a second factor is still required to access the account. Even more sophisticated attacks that attempt to steal a one-time password can be prevented by using more secure authenticators such as a U2F security key. In light of these identity risks, NIST has recommended that organizations implement MFA as part of its Digital Identity Guidelines.
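The adaptive and strict policies described above can be expressed as a small decision function. This is an added example, not code from any product: the network ranges, app names, `Login` fields and the choice to require a security key for the strict tier are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy data (assumptions, not from the article).
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("2001:db8:10::/48")]
CRITICAL_APPS = {"payroll", "admin-console"}

NO_PROMPT = "none"
ANY_SECOND_FACTOR = "any-second-factor"
SECURITY_KEY = "u2f-security-key"

@dataclass(frozen=True)
class Login:
    user: str
    privileged: bool
    app: str
    source_ip: str  # must be the address seen by the trusted edge,
                    # never a client-supplied header value

def on_corporate_network(source_ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparseable address is treated as untrusted
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 ranges.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in CORPORATE_NETWORKS)

def required_factor(login: Login) -> str:
    # Strict tier is evaluated first: network location never relaxes it.
    if login.privileged or login.app in CRITICAL_APPS:
        return SECURITY_KEY
    # Adaptive tier: challenge only when the login is off the corporate network.
    if not on_corporate_network(login.source_ip):
        return ANY_SECOND_FACTOR
    return NO_PROMPT

if __name__ == "__main__":
    for sample in (Login("alice", False, "wiki", "10.1.2.3"),
                   Login("alice", False, "wiki", "203.0.113.7"),
                   Login("admin", True, "wiki", "10.1.2.3")):
        print(sample.user, sample.app, sample.source_ip, "->", required_factor(sample))
```

Evaluating the strict tier before the network check keeps a trusted location from silently removing the prompt for privileged users or business-critical apps.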