Update docs/lfd121.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Author: david-a-wheeler

docs/lfd121.md

@@ -325,7 +325,7 @@ Sometimes these factors are also used:
 * Somewhere you are (e.g., source IP address and geolocation)
 * Something you do (e.g., behavioral profiling, keystroke/mouse dynamics)
 
-The term "multifactor authentication" (MFA) means an authentication system that requires at least two *different* factors. Having a password *and* a PIN is not MFA, because they're both "something you know". For more information, see the [OWASP Multifactor Authentation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Multifactor_Authentication_Cheat_Sheet.html).
+The term "multifactor authentication" (MFA) means an authentication system that requires at least two *different* factors. Having a password *and* a PIN is not MFA, because they're both "something you know". For more information, see the [OWASP Multifactor Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Multifactor_Authentication_Cheat_Sheet.html).
 
 Passkeys are typically MFA, because most implementations require something you have (the password manager or device where the passkey is stored) and also either something you know (a password) or something you are (a biometric) to unlock access to the passkey.  The security and risks of passkeys depend on where the passkey is stored: