With so many stolen passwords and breaches involving stolen passwords, only a small number of security professionals believe that passwords are an adequate form of protection. Many organizations have turned to multi-factor authentication (MFA) or two-factor authentication (2FA) to reduce the risk of compromised passwords. This paper provides best practices for strengthening security with MFA.