Using multifactor authentication (MFA)
Many sites and applications offer multifactor authentication (MFA). With MFA enabled, logging into a website or application requires both a password and a unique code that is texted to your phone number or delivered via an authenticator app. You have to input this code in order to gain access to your account. Even if someone else has your password, they will not be able to break into your accounts if they can not get the code.
MFA (alias 2FA) is a pain involving hopping back and forth and copying and pasting. So Apple introduced a feature in iOS 12+ called security code autofill. Now when you log into an app or website where you have MFA enabled, you no longer need to navigate to the Messages app to retrieve your texted MFA code. As soon as the text with the code arrives, it will be routed to the iPhone’s keyboard where you can just tap on the code to autofill it into the security field in an app or website.
Security code autofill is built-in, so there is no need to enable it. You will need to enable 2FA on any apps or websites you want to use the security feature with. Enable 2FA on every social media and financial site you use.
Note that MFA bypasses are becoming “common”.