Ha, close! Multi-factor authentication. Very related to 2FA - Two-factor auth.
Most common type is requiring an SMS message to send you a code you enter. There are better ways to do this such as the many types of MFA code apps (MS Authenticator, Google Authenticator, etc). But, any MFA is better than no MFA.
I concur with this.
I mentioned elsewhere that I lost my wallet – or more likely had it lifted by a pickpocket – back in December. It would have been awful if I’d had my credit and debit cards in there but I keep all plastic in a separate wallet, and there was actually nothing there except a small amount of cash and, unfortunately, my social insurance card (similar to the SSN in the US). So someone has my social insurance number but I very much doubt anyone is doing anything with it, even though potentially it can be used as the starting point for identity theft. I’m not worried about it and apparently neither is the federal government – they will not issue a new SIN unless you provide proof that the old one has been used for fraud. Presumably this is very rare.
I get this, and both of you are people whose opinions I respect.
One could look at this as a kind of insurance. Yeah, nothing may ever happen, but if you can expend minimal effort (at no cost) to diminish those chances even more, then why not? Belt and braces, as it were.
By amazing coincidence … a phishing scam just this afternoon!
Certainly true in general.
I need to access the SSA website every month. Phoning them, a 90-minute project, to turn on electronic access then call them again to turn it back off would be a total PITA for me.
I open a credit account someplace every couple of months, and sometimes more often. Having to visit 6 websites to unlock everything then relock them all afterwards would likewise be a major PITA.
I never use a debit card except at an in-bank ATM precisely because of the much weaker consumer fraud protections.
My banks watch my credit cards for fraud and have never failed to spot a fraud before even daily checks by me would have.
One can make a fetish of defensive maneuvers. IMO “Can’t hurt; might help” ignores a vast psychic cost of worrying about shadows.
It’s the same mindset that gets gun nuts shooting people in their driveways. It’s letting ill-founded fear live in your mind rent-free.
YMMV of course and I wish you only peace of mind however you find that.
No kidding!
I have one credit card and have had it for years. No other credit accounts.
Ditto that.
As I mentioned, I have multiple alerts. I set these up after my credit card number used to be stolen every couple of years. Talk about a nuisance! I’ve only had one serious event since then-- a charge made for $400+ at a TJMaxx here in town with no card present! I get no surprises re my credit card.
Hey! Let’s not talk about fetishes in such a public space. 
See my post somewhere else about bra holsters. Just make sure you shoot that boob out there instead of your own boob.
I know. 
My mom got this email too, and asked me to look at it, but it didn’t give any further information without a login that she doesn’t have. And what information is there in the email is consistent with a big nothingburger: A “social security number showing up on the Dark Web” could just mean that someone posted a big list of random nine-digit numbers. Was her number actually connected to her name, or anything else? The big scary alert email didn’t actually say.
My only caveat is wondering how they got her email address. If she doesn’t have an account with them, then how would they match the SSN to her email? That would make me suspect there is more info linking the SSN.
That is, unless this is AT&T themselves sending the message to an email address they have on file. Or even sending a mass email to all customers involved in the breach.
Years ago when there was a data breach of federal employee records I was given a free account with MyID, and I get occasional notices from them (including notices of people on the sex offender registry moving within a certain distance of my home). When I recently signed up for a new credit card I got multiple alerts concerning it. I also had to temporarily unfreeze my credit record so the application could get processed.
Since this is @Chronos’ Mom, she’s probably sorta elderly.
An easier explanation is she has a business relationship, an account, with AT&T. But has never used their “convenient” online access and therefore has no login. Which is the word @Chronos used.
The email my mom got was (purportedly) from AT&T (I didn’t get as far as verifying, before I got to the point of “there’s no actual information here”). But now that I think of it, she doesn’t have a business relationship with them. She did, years ago, but not any more.
They could, of course, be maintaining a database of their former customers, years after the business relationship ended, which includes their email addresses and SSNs. In which case, the proper security measure would be a class-action lawsuit against AT&T. Or of course, it’s possible that it’s a pure scammer who has nothing but email addresses, and is just scaring people by saying that they found SSNs (maybe in the hopes that they’ll accidentally use their real username/password for some important account, on the login screen). I’ll have to take another look at that email she got.