How does multi-factor authentication enhance security against phishing?