Which security measure is commonly used for Epic access to mitigate credential theft?

Two-factor authentication adds a second form of verification to Epic access, so simply knowing the password isn’t enough for someone to log in. By requiring something you have (like a code from an authenticator app, a push notification, or a hardware security key) in addition to something you know (the password), credential theft becomes much less effective. Even if an attacker steals a password, they still need that second factor to gain access, which dramatically reduces the chances of unauthorized entry. Password policies help reduce weak passwords but don’t stop attackers who already have valid credentials. Single sign-on can simplify access but doesn’t inherently prevent misuse if the primary credentials are stolen. Encryption at rest protects data on storage, not the authentication process. So the second-factor approach directly addresses the risk of credential theft during login.