Hello Folks!! Can we implement MFA only from kratos?? I'm not able to understand why do we have to implement both login from hydra and kratos too. Didn't get this thing @magnificent-energy-493 can you help me to understand??

I didn't get my answer from this link

@witty-caravan-15651 You can implement MFA just with Ory Kratos: https://www.ory.sh/docs/kratos/mfa/overview Hydra is good as extension for these usecases: • Single sign-on (SSO): Allow users to authenticate with a single set of credentials across multiple applications, eliminating the need for multiple logins. • Mobile and third-party application authorization: Enable applications to request authorization to access resources on behalf of users. This lets users give apps limited access to their resources without sharing their credentials. • API access management: Use OAuth2 to verify the identity of clients that try to access APIs and enforce appropriate access control policies based on this identification. • Server-to-server communication: Authorize communication between servers without a user present. • Federated identity: Become an identity provider, authenticate users, and provide access to applications just like Google, Facebook, or GitHub.

I want to have MFA to make acccess harder like authenticator app usage will make it more tightly coupled (TOTP)

The simple answer is "yes, you can". MFA is entirely the domain of kratos, implementing TOTP and WebAuthN (FIDO) to name a view.

Could not have said it better, thanks Dimitrij 🙌