New security standards in IT seem to come everyday. 2FA, or MFA, which stands for either Two Factor Authentication or MultiFactor Authentication has been around for some time and is an absolute necessity in this era of constant digital exploitation. First, I help choose a method, Google Authenticator, Microsoft Authenticator, there are many choices and it is important the end user is comfortable with the type used. Email and SMS (text messaging) are the weakest forms but are better than nothing at all. Once setup, MFA will prevent most attempts at accessing an account and should be used whenever available. Accounts that it should be used on without question:  Bank Accounts. Admin Accounts for any system. Email access. Any other account that can draw money. For instance, I had a customer with who's merchant account was accessed and used to buy multiple gift cards. They then paid off the account because their bank account was linked to it already and then repeated the process. A total of 20K was stolen. Most of it was recovered after I was brought in. I helped them pull a credit report to identify all accounts under their name and then we went through the process of contacting each account, changing the password and adding MFA to each account to prevent future nefarious access. They repeated the same process for all accounts with purchasing options like Amazon, Sams Club, and even their utilities.