Thanks for the information. Regarding MFA, do you recommend using a generator like Microsoft Authenticator vs. text/phone then? Thank you.
Absolutely. Authenticator apps all work using a hash and salt mechanism that leverages the cryptographic processor in your phone or related device. That processor does the heavy cryptographic lifting to generate complex numbers which are used to generate number patterns unique to your device. When you scan the QR code for the first time, the app is generating a unique hash for your login, and when the challenge portion of the authentication happens, instead of passing a password, you input your numbers which are then compared to the expected output of your key, which is stored with the auth provider, and if they match, you are let in.
If you want to be REALLY secure, opt for FIDO2 tokens. YubiKeys are the most common FIDO2 keys and are relatively cheap to acquire (~$60). These are self-contained cryptographic devices that have a processor and memory on board to generate cryptographically unique strings which can be used instead of passwords (passwordless logons). The best selling point for these: they're phishing resistant. How?
They have a small bioreactive "button" on them that you have to touch for the key to unlock the repository and provide the unique string/password. You have to be physically in control of the device, so unless you've lost the device, it's impossible for a threat actor to use your logon.
Most popular big tech companies such as Microsoft, Google, PayPal, and Amazon support FIDO2 keys, and they make security a breeze. You can store logins for up to 30 different providers on one YubiKey.