{"id":11981,"date":"2026-02-19T09:00:00","date_gmt":"2026-02-19T08:00:00","guid":{"rendered":"https:\/\/prosteit.pl\/?p=11981"},"modified":"2026-02-17T16:23:00","modified_gmt":"2026-02-17T15:23:00","slug":"mfa-2fa-what-is-it-is-it-worth-it","status":"publish","type":"post","link":"https:\/\/prosteit.pl\/en\/mfa-2fa-what-is-it-is-it-worth-it\/","title":{"rendered":"MFA and 2FA \u2013 what are they and why it is worth implementing them as the first step in IT security"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"11981\" class=\"elementor elementor-11981\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-754a204 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"754a204\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-181fa4f\" data-id=\"181fa4f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2fb5057d elementor-widget elementor-widget-text-editor\" data-id=\"2fb5057d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"0\" data-end=\"321\">A password isn&#039;t enough these days. All it takes is a single data breach, a duplicate password from another service, or a well-crafted phishing email for someone to gain access to a company&#039;s email or financial system. <strong data-start=\"200\" data-end=\"213\">MFA and 2FA<\/strong> is a simple mechanism that can block such a scenario \u2013 even when the attacker knows your password.<\/p><p data-start=\"323\" data-end=\"516\" data-is-last-node=\"\" data-is-only-node=\"\">In this article, we explain the differences between MFA and 2FA, how they work in practice, and why implementing them is one of the most sensible first steps in building IT security in your company.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-539218a elementor-widget elementor-widget-image\" data-id=\"539218a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1920\" height=\"1288\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa.webp\" class=\"attachment-full size-full wp-image-11984\" alt=\"\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa.webp 1920w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa-300x201.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa-1024x687.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa-768x515.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa-1536x1030.webp 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/autoryzacja-mfa-18x12.webp 18w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-020273b elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"020273b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-f285af3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f285af3\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6899064\" data-id=\"6899064\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-33719a0 elementor-widget elementor-widget-text-editor\" data-id=\"33719a0\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"co-to-mfa-i-2fa\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"44\">What is 2FA and MFA<\/h2><p data-start=\"46\" data-end=\"252\">To understand 2FA and MFA, it helps to start with one word: <strong data-start=\"103\" data-end=\"114\">factor<\/strong>. An authentication factor is simply &quot;proof&quot; that it&#039;s really you trying to log in. You&#039;ll most often encounter three types of authentication:<\/p><ul data-start=\"254\" data-end=\"450\"><li data-start=\"254\" data-end=\"295\"><p data-start=\"256\" data-end=\"295\"><strong data-start=\"256\" data-end=\"273\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>something you know<\/strong> \u2013 e.g. password or PIN<\/p><\/li><li data-start=\"296\" data-end=\"381\"><p data-start=\"298\" data-end=\"381\"><strong data-start=\"298\" data-end=\"314\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>something you have<\/strong> \u2013 e.g. a phone with an authentication app or a hardware key<\/p><\/li><li data-start=\"382\" data-end=\"450\"><p data-start=\"384\" data-end=\"450\"><strong data-start=\"384\" data-end=\"404\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>something you are<\/strong> \u2013 e.g. fingerprint or facial recognition<\/p><\/li><\/ul><p data-start=\"452\" data-end=\"718\"><strong data-start=\"452\" data-end=\"487\">2FA (Two-Factor Authentication)<\/strong> is two-factor authentication - logging in requires <strong data-start=\"542\" data-end=\"561\">exactly two<\/strong> factors. Most often, it goes like this: you enter a password (something you know), and then confirm your login with a code or a notification on your phone (something you have).<\/p><p data-start=\"720\" data-end=\"1017\"><strong data-start=\"720\" data-end=\"757\">MFA (Multi-Factor Authentication)<\/strong> is multi-factor authentication \u2013 in practice it means logging in that requires <strong data-start=\"837\" data-end=\"858\">at least two<\/strong> factors (sometimes more). Many people use these terms interchangeably and in everyday language it is not a &quot;mistake&quot; - the important thing is that it is about <strong data-start=\"991\" data-end=\"1016\">more than just a password<\/strong>.<\/p><p data-start=\"1019\" data-end=\"1082\">In practice, you will most often encounter 2FA\/MFA in the following scenarios:<\/p><ul data-start=\"1083\" data-end=\"1415\"><li data-start=\"1083\" data-end=\"1153\"><p data-start=\"1085\" data-end=\"1153\">\u2022 logging in to email and cloud (e.g. <a href=\"https:\/\/prosteit.pl\/en\/2fa-in-microsoft-365-google-workspace\/\">Microsoft 365<\/a>, <a href=\"https:\/\/prosteit.pl\/en\/2fa-in-microsoft-365-google-workspace\/\">Google Workspace<\/a>)<\/p><\/li><li data-start=\"1154\" data-end=\"1256\"><p data-start=\"1156\" data-end=\"1256\">\u2022 logging in to tools with access to money or data (bank, invoicing system, payment panel)<\/p><\/li><li data-start=\"1257\" data-end=\"1330\"><p data-start=\"1259\" data-end=\"1330\">\u2022 logging in to administration panels (e.g. WordPress, hosting panel)<\/p><\/li><li data-start=\"1331\" data-end=\"1415\"><p data-start=\"1333\" data-end=\"1415\">\u2022 logging in to remote access (VPN, remote desktop tools, corporate systems)<\/p><\/li><\/ul><p data-start=\"1417\" data-end=\"1660\">The key benefit is simple: <strong data-start=\"1447\" data-end=\"1516\">even if someone knows your password, they still have to go through the second step<\/strong>. And in a huge number of real attacks (phishing, password leaks, duplicate passwords), this makes the difference between a &quot;hack attempt&quot; and a &quot;compromised account.&quot;.<\/p><p data-start=\"1662\" data-end=\"1974\">Finally, an important clarification: 2FA\/MFA is a mechanism, not a single, specific method. This second step can look different \u2013 an SMS code, an in-app code, a push notification, a security key. And the choice of method determines whether the implementation will be merely a checkbox or will actually improve security.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d80500c elementor-widget elementor-widget-image\" data-id=\"d80500c\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/miniatura-2fa-czy-mfa.webp\" class=\"attachment-full size-full wp-image-11986\" alt=\"\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/miniatura-2fa-czy-mfa.webp 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/miniatura-2fa-czy-mfa-300x200.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/miniatura-2fa-czy-mfa-1024x683.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/miniatura-2fa-czy-mfa-768x512.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/miniatura-2fa-czy-mfa-18x12.webp 18w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe5a61f elementor-widget elementor-widget-text-editor\" data-id=\"fe5a61f\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"2fa-a-mfa-roznice\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"53\">2FA and MFA \u2013 differences that really matter<\/h2><p data-start=\"55\" data-end=\"353\">In practice, many people use the terms <strong data-start=\"89\" data-end=\"102\">2FA and MFA<\/strong> interchangeably. And in everyday conversation, this isn&#039;t a big mistake \u2013 in both cases, the point is that logging in requires more than just a password. The difference starts to matter when we talk about <strong data-start=\"297\" data-end=\"324\">security level<\/strong>, and not just about the name itself.<\/p><p data-start=\"355\" data-end=\"448\"><strong data-start=\"355\" data-end=\"390\">2FA (Two-Factor Authentication)<\/strong> means exactly two factors.<br data-start=\"422\" data-end=\"425\" \/>Most common scenario:<\/p><ul data-start=\"449\" data-end=\"490\"><li data-start=\"449\" data-end=\"458\"><p data-start=\"451\" data-end=\"458\">\u2022 password<\/p><\/li><li data-start=\"459\" data-end=\"490\"><p data-start=\"461\" data-end=\"490\">\u2022 SMS code or code from the app<\/p><\/li><\/ul><p data-start=\"492\" data-end=\"560\">This significantly increases security compared to just a password.<\/p><p data-start=\"562\" data-end=\"778\"><strong data-start=\"562\" data-end=\"599\">MFA (Multi-Factor Authentication)<\/strong> means at least two factors \u2013 but there can be more. More importantly, MFA often allows for the selection of different methods and their combination. In corporate environments, this means, for example:<\/p><ul data-start=\"779\" data-end=\"963\"><li data-start=\"779\" data-end=\"818\"><p data-start=\"781\" data-end=\"818\">\u2022 password + authenticator app<\/p><\/li><li data-start=\"819\" data-end=\"846\"><p data-start=\"821\" data-end=\"846\">\u2022 password + hardware key<\/p><\/li><li data-start=\"847\" data-end=\"882\"><p data-start=\"849\" data-end=\"882\">\u2022 biometrics + trusted device<\/p><\/li><li data-start=\"883\" data-end=\"963\"><p data-start=\"885\" data-end=\"963\">\u2022 different requirements depending on location, device or user role<\/p><\/li><\/ul><p data-start=\"965\" data-end=\"1063\">And here comes the crux: <strong data-start=\"989\" data-end=\"1062\">what counts is not only the number of ingredients, but also their resistance to takeover<\/strong>.<\/p><p data-start=\"1065\" data-end=\"1146\">Example:<br data-start=\"1074\" data-end=\"1077\" \/>Password + SMS is formally 2FA.<br data-start=\"1106\" data-end=\"1109\" \/>Password + key FIDO2 is also 2FA.<\/p><p data-start=\"1148\" data-end=\"1411\">Both solutions meet the definition, but the level of protection is completely different. SMS messages can be intercepted through a SIM swap attack or operator manipulation. A phishing-resistant hardware key requires the user&#039;s physical presence and is much more difficult to bypass.<\/p><p data-start=\"1413\" data-end=\"1457\">So in practice the question should not be:<\/p><blockquote data-start=\"1458\" data-end=\"1480\"><p data-start=\"1460\" data-end=\"1480\">Do I have 2FA or MFA?<\/p><\/blockquote><p data-start=\"1482\" data-end=\"1488\">Just:<\/p><blockquote data-start=\"1489\" data-end=\"1563\"><p data-start=\"1491\" data-end=\"1563\">Does my second component actually protect my account against the most common attacks?<\/p><\/blockquote><p data-start=\"1565\" data-end=\"1862\">For a small business, simply enabling 2FA in the form of an authentication app is a huge step forward. For administrative and financial accounts, or access to the entire infrastructure, it&#039;s worth considering stronger methods \u2013 ones that are phishing-resistant and don&#039;t rely solely on SMS.<\/p><p data-start=\"1565\" data-end=\"1862\">2FA and MFA differ in definition, but in practice the key is <strong data-start=\"1944\" data-end=\"1972\">quality of the second factor<\/strong>, not the label itself. It&#039;s this detail that determines whether the security measure is a formality or a real barrier to an attacker.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d567ea elementor-widget elementor-widget-text-editor\" data-id=\"5d567ea\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"mfa-jako-pierwszy-krok\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"53\">Why MFA is a &quot;First Step&quot; and Not a &quot;Whim&quot;\u201e<\/h2><p data-start=\"55\" data-end=\"319\">Most account breaches don&#039;t begin with a complex technical attack. They begin with a password\u2014stolen in a phishing attack, reused from another site, or guessed through guessing. The password itself is currently the weakest link in the entire security chain.<\/p><p data-start=\"321\" data-end=\"621\"><strong data-start=\"321\" data-end=\"348\">MFA is a game changer.<\/strong><br data-start=\"348\" data-end=\"351\" \/>Even if an attacker learns the password, they&#039;re stuck at the second login step. Without access to the phone, authentication app, or hardware key, they can&#039;t proceed any further. This simple security measure can block a significant portion of real account takeover scenarios.<\/p><p data-start=\"623\" data-end=\"961\">Importantly, implementing MFA doesn&#039;t require replacing servers, firewalls, or costly infrastructure rebuilds. In many systems, it&#039;s a matter of enabling the appropriate feature and training users. That&#039;s why it&#039;s referred to as <strong data-start=\"849\" data-end=\"889\">the first step in IT security<\/strong> \u2013 provides a large risk reduction with relatively little effort.<\/p><p data-start=\"963\" data-end=\"1163\" data-is-last-node=\"\" data-is-only-node=\"\">This isn&#039;t a &quot;corporate add-on.&quot; It&#039;s a fundamental layer of protection\u2014especially where corporate email, finances, and customer data are concerned. Without it, any password is just a thin line of defense.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2d40c6 elementor-widget elementor-widget-text-editor\" data-id=\"f2d40c6\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"najczestsze-metody-mfa-i-2fa\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"63\">Which MFA\/2FA methods are most common and which ones usually make sense<\/h2><p data-start=\"65\" data-end=\"318\">Not all MFA\/2FA methods offer the same protection. They vary. <strong data-start=\"141\" data-end=\"203\">security, resistance to attacks and user convenience<\/strong> - and these <a href=\"https:\/\/pages.nist.gov\/800-63-3-Implementation-Resources\/63B\/AAL\/\" target=\"_blank\" rel=\"noopener\">three aspects<\/a> should determine the choice of solution in your company.<\/p><p data-start=\"320\" data-end=\"849\"><strong data-start=\"320\" data-end=\"357\">1) SMS with one-time code (OTP)<\/strong> \u2013 \u201eeasy start\u201d<br data-start=\"373\" data-end=\"376\" \/>This is the simplest form of MFA: when you log in, you receive an SMS with a code that you enter alongside your password. It has a huge advantage: it works virtually anywhere and doesn&#039;t require additional apps. However, <strong data-start=\"560\" data-end=\"601\">security is relatively low<\/strong> \u2013 attacks such as number hijacking (SIM swap) or phishing can bypass this second component.\u00a0<\/p><p data-start=\"320\" data-end=\"849\">It makes sense as a method <strong data-start=\"755\" data-end=\"782\">initial or backup<\/strong>, but it should not be the only protection for critical accounts.<\/p><p data-start=\"851\" data-end=\"1537\"><strong data-start=\"851\" data-end=\"899\">2) Authentication Apps (TOTP\/Push)<\/strong> \u2013 a good compromise<br data-start=\"917\" data-end=\"920\" \/>Apps like Google Authenticator, Microsoft Authenticator, and others generate time-based codes or send a &quot;confirm login&quot; notification. TOTP codes are more secure than SMS \u2013 they don&#039;t pass through carriers and are not easily intercepted.\u00a0<\/p><p data-start=\"851\" data-end=\"1537\">Push notifications are more convenient \u2013 one tap approves login \u2013 but they can be susceptible to so-called. <strong data-start=\"1321\" data-end=\"1337\">push bombing<\/strong> (an attack that harasses the user with multiple requests).\u00a0<\/p><p data-start=\"851\" data-end=\"1537\">This <strong data-start=\"1431\" data-end=\"1472\">a practical method for most companies<\/strong> \u2013 better than SMS, good balance of security and usability.<\/p><p data-start=\"1539\" data-end=\"2113\"><strong data-start=\"1539\" data-end=\"1592\">3) Hardware Keys and Passkeys (<a href=\"https:\/\/www.microsoft.com\/pl-pl\/security\/business\/security-101\/what-is-fido2\" target=\"_blank\" rel=\"noopener\">FIDO2<\/a> \/ WebAuthn)<\/strong> \u2013 strong protection<br data-start=\"1608\" data-end=\"1611\" \/>Hardware keys (e.g. FIDO2 standards) and modern &quot;passkeys&quot; based on public cryptography are currently <strong data-start=\"1722\" data-end=\"1755\">the safest MFA methods<\/strong>, resistant to phishing and man-in-the-middle attacks.\u00a0<\/p><p data-start=\"1539\" data-end=\"2113\">The key generates a unique signature only for a given domain, so even a perfect fake login page will be of no use to an attacker.\u00a0<\/p><p data-start=\"1539\" data-end=\"2113\">This is the best choice <strong data-start=\"2037\" data-end=\"2112\">for privileged accounts, administrators and high-risk systems<\/strong>.<\/p><p data-start=\"2115\" data-end=\"2516\"><strong data-start=\"2115\" data-end=\"2162\">4) Biometrics and device-embedded methods<\/strong><br data-start=\"2162\" data-end=\"2165\" \/>Many modern solutions (e.g. Windows Hello, biometric authentication on the phone) combine <strong data-start=\"2264\" data-end=\"2280\">something you have<\/strong> With <strong data-start=\"2283\" data-end=\"2305\">something you are<\/strong> \u2013 offering strong security without the need to enter codes.\u00a0<\/p><p data-start=\"2115\" data-end=\"2516\">This is a great option when your organization uses modern identity policies and corporate devices.<\/p><p data-start=\"2518\" data-end=\"2557\"><strong data-start=\"2518\" data-end=\"2555\">Summary \u2013 What usually makes sense:<\/strong><\/p><ul data-start=\"2558\" data-end=\"3056\"><li data-start=\"2558\" data-end=\"2657\"><p data-start=\"2560\" data-end=\"2657\"><strong data-start=\"2560\" data-end=\"2568\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Text message:<\/strong> good start, <strong data-start=\"2582\" data-end=\"2616\">not as the only security<\/strong>.<\/p><\/li><li data-start=\"2658\" data-end=\"2799\"><p data-start=\"2660\" data-end=\"2799\"><strong data-start=\"2660\" data-end=\"2690\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>MFA Apps (TOTP\/push):<\/strong> the best compromise of security and convenience for most teams.<\/p><\/li><li data-start=\"2800\" data-end=\"2937\"><p data-start=\"2802\" data-end=\"2937\"><strong data-start=\"2802\" data-end=\"2834\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Hardware keys \/ passkeys:<\/strong> <strong data-start=\"2835\" data-end=\"2863\">highest security<\/strong> \u2013 best for critical accounts.<\/p><\/li><li data-start=\"2938\" data-end=\"3056\"><p data-start=\"2940\" data-end=\"3056\"><strong data-start=\"2940\" data-end=\"2977\"><span style=\"font-weight: normal;\">\u2022\u00a0<\/span>Biometrics \/ device-bound methods:<\/strong> strong and comfortable where possible.<\/p><\/li><\/ul><p data-start=\"3058\" data-end=\"3310\">In practice it is often worth it <strong data-start=\"3082\" data-end=\"3101\">combine methods<\/strong> \u2013 e.g. push MFA as the main and hardware key for administrators and financial systems \u2013 to get <strong data-start=\"3206\" data-end=\"3269\">different levels of protection where it matters most<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b6eaff elementor-widget elementor-widget-image\" data-id=\"2b6eaff\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1460\" height=\"616\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/biometryka.webp\" class=\"attachment-full size-full wp-image-11983\" alt=\"MFA and 2FA - what are they and why it is worth implementing them as the first step in IT security\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/biometryka.webp 1460w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/biometryka-300x127.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/biometryka-1024x432.webp 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/biometryka-768x324.webp 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2026\/02\/biometryka-18x8.webp 18w\" sizes=\"(max-width: 1460px) 100vw, 1460px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53f4e72 elementor-widget elementor-widget-text-editor\" data-id=\"53f4e72\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"szybki-start-bezpieczenstwo-it\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"56\">What you can do now \u2013 quick implementation without chaos<\/h2><p data-start=\"58\" data-end=\"267\">Implementing MFA doesn&#039;t have to be a massive project or require weeks of planning. Most companies can realistically improve their security in a single day\u2014provided they start in the right places.<\/p><p data-start=\"269\" data-end=\"553\"><strong data-start=\"269\" data-end=\"327\">1) Start with the accounts that hurt the most when compromised<\/strong><br data-start=\"327\" data-end=\"330\" \/>Enable MFA first on: company email, administrator accounts, financial systems, invoicing and payment tools, and remote access (VPN, RDP, cloud panels). This is where the risk and potential losses are greatest.<\/p><p data-start=\"555\" data-end=\"845\"><strong data-start=\"555\" data-end=\"617\">2) Choose a sensible method \u2013 not just the first one that comes to mind\u201e<\/strong><br data-start=\"617\" data-end=\"620\" \/>If you have a choice, opt for an authentication app (TOTP or push codes). SMS can be a temporary or backup solution, but for key accounts, it&#039;s worth considering more robust methods, such as hardware keys or passkeys.<\/p><p data-start=\"847\" data-end=\"1125\"><strong data-start=\"847\" data-end=\"894\">3) Secure the &quot;lost phone&quot; scenario\u201e<\/strong><br data-start=\"894\" data-end=\"897\" \/>Set up backup login methods and recovery codes. In a corporate environment, it&#039;s a good idea to have at least two administrative accounts with MFA and a clear access recovery procedure. Lack of a backup plan is a more common problem than the attack itself.<\/p><p data-start=\"1127\" data-end=\"1373\"><strong data-start=\"1127\" data-end=\"1168\">4) Check logs and alerts after deployment<\/strong><br data-start=\"1168\" data-end=\"1171\" \/>The first few days after enabling MFA often reveal whether someone has previously attempted to log in from unusual locations. It&#039;s worth reviewing your login history and enabling notifications for suspicious access attempts.<\/p><p data-start=\"1375\" data-end=\"1631\" data-is-last-node=\"\" data-is-only-node=\"\">The most important thing: don&#039;t postpone implementation &quot;until later, because it requires careful planning.&quot; With MFA, even basic configuration significantly reduces risk. It&#039;s one of the few security elements where the cost-to-effort ratio is truly favorable.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c53cd24 elementor-widget elementor-widget-text-editor\" data-id=\"c53cd24\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"najczestsze-bledy-przy-wdrozeniu\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"0\" data-end=\"47\">The Most Common MFA Mistakes and How to Avoid Them<\/h2><p data-start=\"49\" data-end=\"279\">MFA can be a great way to protect accounts\u2014but only when implemented sensibly. In practice, most problems stem not from the technology, but from the details: who has MFA enabled, which method, and what happens if something goes wrong.<\/p><p data-start=\"281\" data-end=\"653\"><strong data-start=\"281\" data-end=\"352\">1) MFA for some people, and the &quot;most important&quot; account remains unprotected<\/strong><br data-start=\"352\" data-end=\"355\" \/>A common scenario: users have MFA, but the administrator, tenant owner, billing, or integration account works &quot;without any issues.&quot; This is a mistake because attackers always target accounts with the highest privileges.<br data-start=\"571\" data-end=\"574\" \/>How to avoid: start with admin and financial accounts, then the rest of the team.<\/p><p data-start=\"655\" data-end=\"1005\"><strong data-start=\"655\" data-end=\"722\">2) No recovery plan (lost phone = paralysis)<\/strong><br data-start=\"722\" data-end=\"725\" \/>If someone changes their phone, deletes the app, or loses their device, the company may be stuck at the login stage.<br data-start=\"832\" data-end=\"835\" \/>How to avoid this: Set up backup methods, recovery codes, and at least two admin accounts with MFA. Establish a simple &quot;what do we do when we lose the second factor&quot; procedure.<\/p><p data-start=\"1007\" data-end=\"1339\"><strong data-start=\"1007\" data-end=\"1057\">3) SMS as the only method for critical accounts<\/strong><br data-start=\"1057\" data-end=\"1060\" \/>SMS can be convenient, but it is the weakest popular 2FA variant and is often overused as a &quot;go-to solution&quot;.<br data-start=\"1170\" data-end=\"1173\" \/>How to avoid: Treat SMS as a startup or fallback option. For key accounts, choose an app (TOTP\/push), and for administrators, consider hardware keys or passkeys.<\/p><p data-start=\"1341\" data-end=\"1673\"><strong data-start=\"1341\" data-end=\"1388\">4) Leaving a weak login workaround<\/strong><br data-start=\"1388\" data-end=\"1391\" \/>Even if MFA is enabled, there are often additional access paths: old protocols, exceptions, service account without MFA, &quot;temporarily disabled&quot; permanently.<br data-start=\"1549\" data-end=\"1552\" \/>How to avoid: Keep exceptions to a minimum and regularly check for accounts or integrations that bypass MFA.<\/p><p data-start=\"1675\" data-end=\"2076\"><strong data-start=\"1675\" data-end=\"1733\">5) &quot;Push fatigue&quot; - approval of logins without reading<\/strong><br data-start=\"1733\" data-end=\"1736\" \/>If MFA is implemented as a push notification, a user may click &quot;Approve&quot; reflexively, especially when receiving a series of notifications. This opens the door to a user fatigue attack.<br data-start=\"1932\" data-end=\"1935\" \/>How to avoid: Inform your team that MFA notifications only make sense when they&#039;re the ones logging in. If in doubt, dismiss and report them.<\/p><p data-start=\"2078\" data-end=\"2306\">Summary: Most MFA problems are predictable. If you secure privileged accounts, prepare for access recovery, and limit workarounds, MFA will become a real barrier, not just a checkbox in settings.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-62db9aa elementor-widget elementor-widget-heading\" data-id=\"62db9aa\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"najczesciej-zadawane-pytania\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><span style=\"font-size: 24px\">Frequently asked questions<\/span><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t<div data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-element elementor-element-db6d240 e-flex e-con-boxed e-con e-parent\" data-id=\"db6d240\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-771bc5a elementor-widget elementor-widget-elementskit-accordion\" data-id=\"771bc5a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"elementskit-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"ekit-wid-con\" >\n        <div class=\"elementskit-accordion accoedion-primary side-curve\" id=\"accordion-69d610996e9a3\">\n\n            \n                <div class=\"elementskit-card active\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-0-771bc5a\">\n                        <a href=\"#collapse-0c8ca2069d610996e9a3\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-0c8ca2069d610996e9a3\" aria-expanded=\"true\" aria-controls=\"Collapse-0c8ca2069d610996e9a3\">\n                            \n                            <span class=\"ekit-accordion-title\">Does MFA protect against phishing?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-0c8ca2069d610996e9a3\" class=\"show collapse\" aria-labelledby=\"primaryHeading-0-771bc5a\" data-parent=\"#accordion-69d610996e9a3\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>In many cases, yes\u2014especially when using an authentication app or hardware key. Methods based on FIDO2 and passkeys offer the highest resistance to phishing. SMS alone isn&#039;t always enough.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-1-771bc5a\">\n                        <a href=\"#collapse-9cdc47c69d610996e9a3\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-9cdc47c69d610996e9a3\" aria-expanded=\"false\" aria-controls=\"Collapse-9cdc47c69d610996e9a3\">\n                            \n                            <span class=\"ekit-accordion-title\">Does SMS as 2FA make sense?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-9cdc47c69d610996e9a3\" class=\"collapse\" aria-labelledby=\"primaryHeading-1-771bc5a\" data-parent=\"#accordion-69d610996e9a3\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>It makes sense as a startup or backup solution. However, it&#039;s not the most secure method, and for administrative or financial accounts, it&#039;s worth considering more robust options.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-2-771bc5a\">\n                        <a href=\"#collapse-f41ff4569d610996e9a3\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-f41ff4569d610996e9a3\" aria-expanded=\"false\" aria-controls=\"Collapse-f41ff4569d610996e9a3\">\n                            \n                            <span class=\"ekit-accordion-title\">Which is better: in-app codes, push, or hardware key?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-f41ff4569d610996e9a3\" class=\"collapse\" aria-labelledby=\"primaryHeading-2-771bc5a\" data-parent=\"#accordion-69d610996e9a3\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>For most companies, in-app codes or push notifications are a good compromise. Hardware keys or passkeys offer a higher level of security, especially for administrators and high-value systems.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-3-771bc5a\">\n                        <a href=\"#collapse-6c8790769d610996e9a3\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-6c8790769d610996e9a3\" aria-expanded=\"false\" aria-controls=\"Collapse-6c8790769d610996e9a3\">\n                            \n                            <span class=\"ekit-accordion-title\">What if an employee loses a phone with an MFA app?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-6c8790769d610996e9a3\" class=\"collapse\" aria-labelledby=\"primaryHeading-3-771bc5a\" data-parent=\"#accordion-69d610996e9a3\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>Therefore, it&#039;s worth setting up backup methods and recovery codes in advance. In a corporate environment, there should be at least two administrative accounts with MFA and a clear procedure for restoring access.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                \n                <div class=\"elementskit-card\">\n                    <div class=\"elementskit-card-header\" id=\"primaryHeading-4-771bc5a\">\n                        <a href=\"#collapse-cc1dd7a69d610996e9a3\" class=\"ekit-accordion--toggler elementskit-btn-link collapsed\" data-ekit-toggle=\"collapse\" data-target=\"#Collapse-cc1dd7a69d610996e9a3\" aria-expanded=\"false\" aria-controls=\"Collapse-cc1dd7a69d610996e9a3\">\n                            \n                            <span class=\"ekit-accordion-title\">Is implementing MFA in a small business complicated?<\/span>\n\n                            \n                                <div class=\"ekit_accordion_icon_group\">\n                                    <div class=\"ekit_accordion_normal_icon\">\n                                        <!-- Normal Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-down-arrow1\"><\/i>                                    <\/div>\n\n                                    <div class=\"ekit_accordion_active_icon\">\n                                        <!-- Active Icon -->\n\t\t\t\t\t\t\t\t\t\t<i class=\"icon icon-up-arrow\"><\/i>                                    <\/div>\n                                <\/div>\n\n                            \n                                                    <\/a>\n                    <\/div>\n\n                    <div id=\"Collapse-cc1dd7a69d610996e9a3\" class=\"collapse\" aria-labelledby=\"primaryHeading-4-771bc5a\" data-parent=\"#accordion-69d610996e9a3\">\n\n                        <div class=\"elementskit-card-body ekit-accordion--content\">\n                            <p>Typically not. In many systems, such as Microsoft 365 or popular admin panels, it&#039;s a matter of enabling the feature and briefly training the team. The risk reduction is disproportionately large compared to the effort involved.<\/p>                        <\/div>\n\n                    <\/div>\n\n                <\/div><!-- .elementskit-card END -->\n\n                                                        <script type=\"application\/ld+json\">{\n    \"@context\": \"https:\\\/\\\/schema.org\",\n    \"@type\": \"FAQPage\",\n    \"mainEntity\": [\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Czy MFA chroni przed phishingiem?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>W wielu przypadkach tak - szczeg\\u00f3lnie gdy u\\u017cywasz aplikacji uwierzytelniaj\\u0105cej lub klucza sprz\\u0119towego. Najwy\\u017csz\\u0105 odporno\\u015b\\u0107 na phishing daj\\u0105 metody oparte na FIDO2 i passkeys. Sam SMS nie zawsze wystarczy.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Czy SMS jako 2FA ma sens?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Ma sens jako rozwi\\u0105zanie startowe lub zapasowe. Nie jest jednak najbezpieczniejsz\\u0105 metod\\u0105 i dla kont administracyjnych czy finansowych warto rozwa\\u017cy\\u0107 mocniejsze opcje.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Co jest lepsze: kody w aplikacji, push czy klucz sprz\\u0119towy?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Dla wi\\u0119kszo\\u015bci firm dobrym kompromisem s\\u0105 kody w aplikacji lub powiadomienia push. Klucz sprz\\u0119towy lub passkeys to wy\\u017cszy poziom bezpiecze\\u0144stwa - szczeg\\u00f3lnie dla administrator\\u00f3w i system\\u00f3w o du\\u017cym znaczeniu.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Co je\\u015bli pracownik zgubi telefon z aplikacj\\u0105 MFA?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Dlatego warto wcze\\u015bniej skonfigurowa\\u0107 metody zapasowe i kody odzyskiwania. W \\u015brodowisku firmowym powinny istnie\\u0107 co najmniej dwa konta administracyjne z MFA oraz jasna procedura przywracania dost\\u0119pu.<\\\/p>\"\n            }\n        },\n        {\n            \"@type\": \"Question\",\n            \"name\": \"Czy wdro\\u017cenie MFA w ma\\u0142ej firmie jest skomplikowane?\",\n            \"acceptedAnswer\": {\n                \"@type\": \"Answer\",\n                \"text\": \"<p>Zwykle nie. W wielu systemach, takich jak Microsoft 365 czy popularne panele administracyjne, to kwestia w\\u0142\\u0105czenia funkcji i kr\\u00f3tkiego przeszkolenia zespo\\u0142u. Efekt w postaci redukcji ryzyka jest nieproporcjonalnie du\\u017cy w stosunku do nak\\u0142adu pracy.<\\\/p>\"\n            }\n        }\n    ]\n}<\/script>\n                                <\/div>\n    <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>A password isn&#039;t enough these days. All it takes is a single data breach, a duplicate password from another service, or a well-crafted phishing email for someone to gain access to your company&#039;s email or financial system. MFA and 2FA are simple mechanisms that can block such a scenario\u2014even if the attacker knows your password. In this article, we explain the differences between [\u2026]<\/p>","protected":false},"author":4,"featured_media":11985,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[455],"tags":[952,421,955],"class_list":["post-11981","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpieczenstwo","tag-2fa","tag-bezpieczenstwo-it","tag-mfa"],"_links":{"self":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/11981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/comments?post=11981"}],"version-history":[{"count":5,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/11981\/revisions"}],"predecessor-version":[{"id":12018,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/11981\/revisions\/12018"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/media\/11985"}],"wp:attachment":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/media?parent=11981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/categories?post=11981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/tags?post=11981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}