MFA means that whatever application or service you’re logging in to is double-checking that the request is really coming from you by confirming the login with you through a separate avenue. You’ve probably used MFA before, even if you weren’t aware of it. If a website has ever sent a numeric code to your phone for you to enter to gain access, you’ve completed a multi-factor transaction.
MFA is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.