Add clarification to MFA section

content/WebAuthn/WebAuthn_Developer_Guide/index.adoc

@@ -12,7 +12,9 @@ Compromised credentials continue to be the top cause of data breaches. Many onli
 FIDO2/WebAuthn offers a strong Multi-Factor Authentication (MFA) framework to minimize or replace the use of passwords with scoped public key-based credentials that are resistant to phishing, replay, and server breach attacks. User gestures such as PINs, touch, or biometrics are used to authorize use of FIDO2 credentials.
 
 == Multi-Factor Authentication
-MFA is a method of granting access to a system only after two or more pieces of evidence have been presented. These pieces of evidence, also known as factors, prove your identity. This could be something you know (secret password or PIN), something you have (mobile phone or security key), or something you are (biometrics: fingerprint or face). You’ve probably already used MFA in some form if you have withdrawn money from an ATM.
+MFA is a method of granting access to a system only after two or more pieces of evidence have been presented. These pieces of evidence, also known as factors, prove your identity. This could be something you know (secret password or PIN), something you have (mobile phone or security key), or something you are (biometrics: fingerprint or face). MFA requires two different factor types, so while using two instances of the same factor type (like a password and a PIN) may improve security, it is not MFA.
+
+You’ve probably already used MFA in some form if you have withdrawn money from an ATM:
 
 * Your identity was proven by the bank before your account was created
 * The bank card is the something you have