Which statement about multifactor authentication (MFA) is true?

Using multiple verification factors strengthens login security by not relying on a single credential. Multifactor authentication combines at least two different types of factors: something you know (a password), something you have (a code from a phone or a hardware token), or something you are (biometrics). The statement that MFA adds a second factor to verify identity, helping protect against password-only compromises, captures this idea: even if a password is stolen, the attacker still needs the additional factor to gain access. MFA does not replace passwords entirely; in most setups the password remains the first factor and a second factor is added. It also doesn’t require biometrics for everyone in every case—many implementations use a code from a smartphone or a hardware token instead. And it doesn’t make password complexity irrelevant—strong passwords are still important, but MFA adds an extra barrier that greatly reduces risk from password theft.