Why Does My MFA Require Numbers?

Now that you have set up Multi-Factor Authentication for all your accounts (right??), you may be wondering what all the numbers are about.

At a high level MFA is about verifying that the person logging in is you and not some random person who has your password. This is most easily done with something that only you have, such as an app on your phone. Originally sites would send a "yes/no" type of approval request. Security experts discovered that people who received many such prompts would sometimes approve the request just to get the prompts to stop. This of course grants the hacker access to the account.

The solution is to have you, person with the phone, enter a number that is shown on the login screen. Thus you can either see that number, or else the hacker is the only one who can see that number, and approval is far more difficult because you would have to guess it in order to let the hacker in.

Sometimes apps can show a location for the login as well, though they generally base it on the person's IP address, which is often not precise enough to pinpoint a city name.

November 2025

Send this article to a friend!
Subscribe to The ITS Connection

Related articles

• Easily Block 99.9% of Password Hacks
• One Successful Phish Can Kill Your Business
• Microsoft 365 Is Better Than Legacy Email
• Return to article list