Most implementations of multi-factor authentication (MFA), also known as two-factor authentication (2FA), rely on sending codes via SMS text messages or phone calls. There are serious problems with this approach.
Two-factor authentication (2FA), also known as multi-factor authentication (MFA), comes in many flavors. But not all are created equal. Best practices should involve at least two selections from this list: FIDOU2F hardware keys, one-time passwords (OTP), and recovery codes.